grep the time within given minutes


 
# 1  
Old 03-26-2012

Code:
Mar 26 15:25:11 jdoe TTY=pts/PWD=/home/jdoe USER=root ;
COMMAND=/usr/bin/su -
Mar 26 15:28:52 jdoe 3 incorrect password attempts TTY=pts/;
PWD=/home/jdoe USER=root COMMAND=/usr/bin/su -
Mar 25 12:23:07 jdoe TTY=pts/PWD=/home/jdoe USER=root ;
COMMAND=/usr/bin/su -
Mar 24 11:13:54 jdoe TTY=pts/PWD=/home/jdoe USER=root ;
COMMAND=/usr/bin/su

I have this log file and need to see who is accessing root.
I need to be notified as soon as a user is accessing root (which is su -).
If instant alerts are not possible, then I can run it with crontab with 5 or 10 minutes of interval.

Can you please advise how to grep the line that has occurred "now", 5 minutes ago, or 10 minutes ago?

Each access has 2 lines as shown above.

Thank you.

# 2  
Old 03-26-2012
Why not just watch the logfile as it's being written with tail -f ?

Code:
tail -f /path/to/logfile | awk '/TTY/ && /USER=root/ { print; getline ; print }'


Last edited by Corona688; 03-26-2012 at 05:48 PM..
# 3  
Old 03-26-2012
I need to get it via e-mail, so tail -f will not work for me on this...
# 4  
Old 03-27-2012
What's your system?
# 5  
Old 03-27-2012
I am on AIX 6.1.
Please advise.
# 6  
Old 03-27-2012
You don't have much in the way of nice date-formatting functions on AIX, but hopefully you have Perl:

Code:
# Get the current time, minus five minutes in MM DD HH MM SS
DATE=$(perl -e 'use POSIX qw(strftime);  print strftime "%m %d %H %M %S\n", localtime(time()+$ARGV[0]);' -- -300 )

Then I'll use awk to turn the Mon Day HH:MM:SS times into "MM DD HH MM SS" times, which can be compared with simple < > for order since they sort alphabetically:

Code:
# Get the time as of 5 minutes ago, i.e. time+(-300 seconds)
DATE=$(perl -e 'use POSIX qw(strftime);  print strftime "%m %d %H %M %S\n", localtime(time()+$ARGV[0]);' -- -300 )

awk -v DATE="$DATE" 'BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", M);
        for(X in M) MON[M[X]]=X; }

{ CMP="" }

# Does the line start with a month?  Convert the date into something
# we can compare.
MON[$1] {
        split($3, H, ":");
        # Turn the date into MM DD HH MM SS, since that can be
        # sorted alphabetically on < > etc.
        CMP=sprintf("%02d %02d %s %s %s", MON[$1], $2, H[1], H[2], H[3]);
}

# If we found a date on the line, and it's greater than our
# start point, print this line and the next one (if there is one;
# at end of file getline leaves $0 unchanged)
CMP && (CMP >= DATE) { print ; if ((getline) > 0) print }' logfile

# 7  
Old 03-27-2012
Thank you! It works GREAT!!
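
The cron-and-e-mail use the thread asks about, as an added example that is not part of any post: instead of the five-minute time window from post #6, it keeps a count of log lines already processed, so each entry is reported once even when cron runs late or twice. The function name, the state file, the `--run` arguments and the OK/FAILED tags are assumptions, as is the two-lines-per-entry layout taken from the sample log.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, the state-file
# path and the mail recipient are hypothetical.

# new_su_events LOGFILE STATEFILE
# Prints one line per su-to-root entry appended since the previous run and
# records in STATEFILE how many log lines have been fully processed.
new_su_events() {
    log=$1
    state=$2
    seen=0
    if [ -f "$state" ]; then seen=$(cat "$state"); fi
    total=$(awk 'END { print NR }' "$log")
    # Fewer lines than last time means the log was rotated: start over.
    if [ "$total" -lt "$seen" ]; then seen=0; fi

    awk -v SKIP="$seen" -v STATE="$state" '
    NR <= SKIP { next }
    # An entry starts on a line beginning with a month name and, as in the
    # sample log, continues on the following line (assumption).
    /^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) / {
        head = $0
        # Second line not written yet: leave the entry for the next run.
        if ((getline) <= 0) { held = 1; exit }
        entry = head " " $0
        if (entry ~ /USER=root/ && entry ~ /COMMAND=\/usr\/bin\/su/) {
            tag = (entry ~ /incorrect password/) ? "FAILED" : "OK"
            print tag, entry
        }
    }
    END { done = held ? NR - 1 : NR; print done > STATE }' "$log"
}

# Cron entry point: mail new events, stay silent when there are none.
# Usage: script --run LOGFILE STATEFILE RECIPIENT
if [ "${1:-}" = "--run" ]; then
    events=$(new_su_events "$2" "$3")
    if [ -n "$events" ]; then
        printf '%s\n' "$events" | mail -s "su to root on $(hostname)" "$4"
    fi
fi
```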