parsing a system log file via the 'date' command


 
# 1  
Old 05-09-2007

Hello,

I'm trying to update some scripts here that parse our system logs daily. They report information just fine... but they just report too much info.

Specifically, if there's been some failed login attempts on several different days (say Monday and Tuesday), when I get the report from Wednesday, I don't want to see Wednesday's info *in addition* to Monday & Tuesday (and so on throughout the week).

This is happening because of this syntax that I've found isn't working:

grep -i fail $LOGDIR/$LOG2 |grep `date |awk '{print $2}' ` | grep `date |awk '{print $3}'`

This is giving me information for every day in my logfile... not just on the day the script is running - which is what I prefer.

It seems like if I could make use of this aspect of the date command I'd be ok:

% date '+%C'
Wed May  9 08:23:20 EDT 2007

since the 'May  9' (May, with two spaces and then the 9) is exactly how the syntax of the month/day shows up:

May  9 08:27:10 mysystem sshd2[15562]: [ID 702911 auth.error] auths-pam: PAM subprocess returned packet SSH_PAM_OP_ERROR. (err_num: 9, err_msg: Authentication failed)
May  9 08:27:10 mysystem sshd2[15562]: [ID 702911 auth.notice] Password authentication for user cjones failed (from xxx.xxx.xxx.xxx port 53341).

So... my thinking is that if I could find the right use of the 'date' command then I could use that with a grep to pull out *exactly* what I want out of my logfiles. But it's also possible there's a different way to get the same results.

I'd prefer to do this in a sh/csh script also.

Thanks in advance!

-chris
# 2  
Old 05-09-2007
Code:
day=`date +%d`
dt=`date +%b`" "${day#0}
grep "$dt.*fail" filename

# 3  
Old 05-09-2007
Quote:
Originally Posted by anbu23
Code:
day=`date +%d`
dt=`date +%b`" "${day#0}
grep "$dt.*fail" filename

Thanks for the help... but when I cut/paste just those lines into a Bourne shell script I get a 'bad substitution' error message. Here's my simple little script:

#!/bin/sh

day=`date +%d`
dt=`date +%b`" "${day#0}
grep "$dt.*fail" /var/adm/SYSLOG

I figure I'm missing something simple.

-chris
# 4  
Old 05-09-2007
Seems that your shell doesn't support pattern syntax ${day#0}
Try:
Code:
day=`date +%d`
dt=`date +%b`" "`echo ${day}|sed 's/^0//'`
grep "$dt.*fail" /var/adm/SYSLOG


Jean-Pierre.
# 5  
Old 05-10-2007
Quote:
Originally Posted by cjones
Thanks for the help... but when I cut/paste just those lines into a Bourne shell script I get a 'bad substitution' error message. Here's my simple little script:

#!/bin/sh

day=`date +%d`
dt=`date +%b`" "${day#0}
grep "$dt.*fail" /var/adm/SYSLOG

I figure I'm missing something simple.

-chris
Code:
day=`date +%d`
dt=`date +%b`" "`expr $day + 0`
grep "$dt.*fail" filename

# 6  
Old 05-10-2007
Thanks to all ... I was able to get what I needed with all of your help.

-chris
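
An added example, not part of any poster's reply: one way to select only today's failed-login lines, building the stamp with `date '+%b %e'` so it is space-padded the way the log in post #1 is ("May" plus two spaces plus "9", but one space before "19"), and comparing it at the start of the line so a 9 in a PID or port number cannot match. It assumes a POSIX sh and awk; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample log lines below are constructed.

# Today's syslog-style stamp, e.g. "May  9" or "May 19".
# %e pads the day with a space, as syslog does; LC_ALL=C keeps English month names.
today_stamp() {
    LC_ALL=C date '+%b %e'
}

# Print lines of FILE whose timestamp starts with STAMP and that mention "fail"
# (any case). The stamp is compared as a fixed string at column 1, so "May  9"
# cannot match "May 19", a PID, or a port number elsewhere in the line.
failed_on() {
    stamp=$1 file=$2
    awk -v s="$stamp " 'substr($0, 1, length(s)) == s && tolower($0) ~ /fail/' "$file"
}

# Constructed sample log for demonstration.
make_sample_log() {
    cat <<'EOF'
May  8 23:59:01 mysystem sshd2[15001]: [ID 702911 auth.notice] Password authentication for user alice failed (from 192.0.2.9 port 40009).
May  9 08:27:10 mysystem sshd2[15562]: [ID 702911 auth.notice] Password authentication for user cjones failed (from 192.0.2.10 port 53341).
May  9 08:30:00 mysystem sshd2[15570]: [ID 702911 auth.info] User cjones accepted.
May 19 03:12:44 mysystem sshd2[16009]: [ID 702911 auth.error] Authentication FAILED for user bob
EOF
}

if [ "${1:-}" = "--demo" ]; then
    # Run against the constructed log: prints one line, the cjones failure.
    log=$(mktemp) && make_sample_log > "$log"
    failed_on "May  9" "$log"
    rm -f "$log"
elif [ $# -ge 1 ]; then
    # Normal use: pass the log file path as the first argument.
    failed_on "$(today_stamp)" "$1"
fi
```

On the constructed log, the chained `grep May | grep 9` approach from post #1 returns all three failure lines, while `failed_on "May  9"` returns only the one from that day.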