Is there a BASH script allowing me to grep specifics from /var/log/messages?
Post 302994892 by vgplayer54 on Wednesday 29th of March 2017 08:45:28 AM
Quote:
Originally Posted by Don Cragun
No. The bottom lines in Corona688's post were the output produced by running the script he provided with an input file named logentryfile containing the sample data you showed us in post #4. If you want to parameterize his suggestion and read data from standard input (instead of from a file named logentryfile), change your script to something like:
Code:
#!/bin/bash
IAm=${0##*/}
if [ $# -ne 2 ]
then    printf 'Usage: %s start end
    where start and end are starting and ending dates and times in the format
        "MM DD hh:mm:ss"
    representing the start and end times to be selected from the logfile found
    on standard input.
'    "$IAm" >&2
    exit 1
fi
awk -v FIRST="$1" -v LAST="$2"  '
BEGIN {
    split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", A); # A[1]=Jan, etc
    for(X in A) A[A[X]]=sprintf("%02d",X) # Convert A[1]=Jan to A[Jan]=01
}
{    $1=A[$1]
    $2=sprintf("%02d", $2)
} # Substitute two digit months and days into first two fields
($0 >= FIRST) && ($0 <= LAST) # Select and print entries in range.'

When you invoke this script, give it two quoted operands containing your desired start and end dates and times and pipe the logfile you want it to process into it or, if the data is in a file, redirect the input to the script from that file.
Edit: Sorry I didn't see the text at the bottom of your code tags. Thank you so much for your help. So, as an example, assuming I wanted to find all IIS network traffic (port 80) I would type: scriptname "Mar27 10:00:00 10:10:00 DPT=80" <--- is this the correct format?

Last edited by vgplayer54; 03-29-2017 at 10:05 AM..
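
An added example (not part of the original posts): a variant of the quoted range filter that takes the same two "MM DD hh:mm:ss" operands plus an optional third operand naming an exact field such as DPT=80. The function name select_range, the third operand and the sample log lines are assumptions constructed for illustration; it goes beyond the quoted script by comparing only the timestamp prefix, which makes the end time inclusive, and by printing matching lines unmodified.

```shell
#!/bin/bash
# Constructed sample: netfilter-style entries in /var/log/messages layout.
sample_log() {
cat <<'EOF'
Mar 27 09:59:58 fw1 kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=80
Mar 27 10:00:00 fw1 kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=80
Mar 27 10:03:12 fw1 kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51514 DPT=22
Mar 27 10:05:41 fw1 kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=33001 DPT=8080
Mar 27 10:10:00 fw1 kernel: IN=eth0 SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=40200 DPT=80
Mar 27 10:10:01 fw1 kernel: IN=eth0 SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP SPT=40201 DPT=80
Apr  2 10:05:00 fw1 kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40300 DPT=80
EOF
}

# select_range START END [TOKEN]  (hypothetical helper, reads stdin)
#   START, END: "MM DD hh:mm:ss", as in the quoted script
#   TOKEN:      optional exact field to require, e.g. DPT=80
select_range() {
    awk -v FIRST="$1" -v LAST="$2" -v WANT="${3:-}" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", M)
        for (i = 1; i <= n; i++) NUM[M[i]] = sprintf("%02d", i)
    }
    ($1 in NUM) {
        # Fixed-width key: comparing it (not $0) keeps END inclusive.
        key = NUM[$1] " " sprintf("%02d", $2) " " $3
        if (key < FIRST || key > LAST) next
        if (WANT != "") {
            hit = 0
            # Whole-field match, so DPT=80 does not also select DPT=8080.
            for (f = 4; f <= NF; f++) if ($f == WANT) { hit = 1; break }
            if (!hit) next
        }
        print   # original line, month name untouched
    }'
}

# Port-80 entries between 10:00:00 and 10:10:00 on 27 March.
sample_log | select_range "03 27 10:00:00" "03 27 10:10:00" "DPT=80"
```

Syslog timestamps in this layout carry no year, so a range that crosses 31 December cannot be expressed with this comparison.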
 
