Shell Programming and Scripting

Is there any way I can do scan of log file in Linux, where the log file entries for last 15 minutes can be searched for a particular pattern.

The log file entries are in below format.

2014-01-27T23:08:53.924-0500 LDAP authentication error
2014-01-27T23:08:53.934-0500 LDAP authentication error

My intention is to send an email alert if there is any entry in this file for the pattern in last 15 minutes.

Thanks,
Anand

Logic would be...

1. Get current time

2. subtract 15 minutes from time

3. Convert it to the same format as the log entry: YYYY-01-27 and HH:MM.SS.ddd (you only need the HH:MM)

Code:

date --date-string="- 15 minutes"....depends on o/s...this works on bash

or

date  +%Y-%M-%dT%H:%M --date="-15 minutes"
2014-21-05T16:21

4. grep or awk the log file (using regular expression if need be)...

something to get you started

Hi,

The pattern is as below.

LDAP authentication error: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA

Thanks,
Anand

See this link for doing it in awk...

Time Functions - The GNU Awk User's Guide

Hi,

From your replies i figured out this, but problem is that the command will not output anything if there is no entry for the particular minute, i.e 15 minutes before.

Code:

sed -n "/^$(date --date='15 minutes ago' '+%Y-%m-%dT%H:%M')/,\$p" $ERROR_LOG

Is there any way to fix this?

Thanks & regards,
Anand