Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

How to grep

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting How to grep
# 1  
Old 05-24-2007
How to grep
I am coding a script to grep information in /var/adm/messages which I need to grep the lastest infomation when the script is ran. For example, in /var/adm/messages contains information like this

May 23 17:28:55 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.17
May 23 17:30:30 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17
May 24 08:42:49 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.25
May 24 08:44:31 stmtrmdbp2 last message repeated 1 time
May 24 09:51:43 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.17
May 24 10:35:13 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.17
May 24 10:40:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17
May 24 10:45:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17

When the script run at May 24 10:46:00, Could it prints info at the last 10 minutes before the script run?
Result should be

May 24 10:40:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17
May 24 10:45:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17

Thank u in Advance
# 2  
Old 05-24-2007
Code:
hr=$( date +%H )
min=$( date +%M )
temp=$(( hr * 60 + min -10 ))
nhr=$(( temp / 60 ))
nmin=$(( temp - nhr * 60 ))
awk -F"[ :]" ' $3 >= "'$nhr'" && $4 >= "'$nmin'" ' filename

# 3  
Old 05-24-2007
Code:
awk 'BEGIN{ 
             tenmin=10*60 
             now=systime()
             date["May"]=5;date["Jan"]=1 #and so on
             "date +%Y" | getline year            
}
{
 n=split($3,t,":") 
 logtime = year" "date[$1]" "$2" "t[1]" "t[2]" "t[3]" 0 0 0"
 a = mktime(logtime)
 if ( (now - a) < tenmin ) { print} 
}' "file"

# 4  
Old 05-24-2007
Thank you for your reply but it's not work both

For anbu23 ; I tried to test awk -F"[ :]" ' $3 >= "'$nhr'" && $4 >= "'$nmin'" ' filename by fix value such as awk -F"[ :]" ' $3 >= "10" && $4 >= "46" ' /var/adm/messages but nothing display

For ghostdog74 ; when i run the script that u gave so i found the error
awk: syntax error near line 3
awk: illegal statement near line 3
awk: syntax error near line 5
awk: illegal statement near line 5

Thank for all ur help
# 5  
Old 05-24-2007
Quote:
Originally Posted by unitipon
Thank you for your reply but it's not work both

For anbu23 ; I tried to test awk -F"[ :]" ' $3 >= "'$nhr'" && $4 >= "'$nmin'" ' filename by fix value such as awk -F"[ :]" ' $3 >= "10" && $4 >= "46" ' /var/adm/messages but nothing display

For ghostdog74 ; when i run the script that u gave so i found the error
awk: syntax error near line 3
awk: illegal statement near line 3
awk: syntax error near line 5
awk: illegal statement near line 5

Thank for all ur help
Code:
$ cat file
May 23 17:28:55 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.17
May 23 17:30:30 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17
May 24 08:42:49 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.25
May 24 08:44:31 stmtrmdbp2 last message repeated 1 time
May 24 09:51:43 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.17
May 24 10:35:13 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/1 FROM 172.17.128.17
May 24 10:40:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17
May 24 10:45:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17
$ awk -F"[ :]" ' $3 >= "10" && $4 >= "40" ' file
May 24 10:40:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17
May 24 10:45:09 stmtrmdbp2 login: [ID 254462 auth.notice] ROOT LOGIN /dev/pts/2 FROM 172.17.128.17

Make sue you have entries in your file after time 10:46.
# 6  
Old 05-24-2007
Bug Thank
Dear anbu23,

Quote:
I use awk -F" :" ' $3 >= "10" && $4 >= "40" ' file so the result will print out. Thank alot for ur help Smilie

When the file has entires liks this

May 24 17:15:12 stmtrmdbp1 su: [ID 366847 auth.info] 'su uusts00' succeeded for root on /dev/???
May 24 17:24:45 stmtrmdbp1 su: [ID 366847 auth.info] 'su oracle' succeeded for root on /dev/???
May 24 17:44:48 stmtrmdbp1 last message repeated 4 times
May 24 18:01:11 stmtrmdbp1 su: [ID 366847 auth.info] 'su xmuser' succeeded for root on /dev/???
May 24 18:11:13 stmtrmdbp1 su: [ID 366847 auth.info] 'su uusts00' succeeded for root on /dev/???
May 24 18:12:45 stmtrmdbp1 su: [ID 366847 auth.info] 'su oracle' succeeded for root on /dev/???
May 24 18:13:47 stmtrmdbp1 last message repeated 1 time
May 24 18:14:11 stmtrmdbp1 su: [ID 366847 auth.info] 'su xmuser' succeeded for root on /dev/???
May 24 18:41:13 stmtrmdbp1 su: [ID 366847 auth.info] 'su uusts00' succeeded for root on /dev/???
May 24 18:42:46 stmtrmdbp1 su: [ID 366847 auth.info] 'su oracle' succeeded for root on /dev/???
May 24 18:46:48 stmtrmdbp1 last message repeated 1 time
May 24 18:47:10 stmtrmdbp1 su: [ID 366847 auth.info] 'su xmuser' succeeded for root on /dev/???
May 24 18:47:12 stmtrmdbp1 su: [ID 366847 auth.info] 'su uusts00' succeeded for root on /dev/???
May 24 18:47:46 stmtrmdbp1 su: [ID 366847 auth.info] 'su oracle' succeeded for root on /dev/???
May 24 18:47:48 stmtrmdbp1 last message repeated 1 time
May 24 18:48:11 stmtrmdbp1 su: [ID 366847 auth.info] 'su xmuser' succeeded for root on /dev/???
May 24 18:48:13 stmtrmdbp1 su: [ID 366847 auth.info] 'su uusts00' succeeded for root on /dev/???
May 24 18:48:44 stmtrmdbp1 su: [ID 366847 auth.info] 'su oracle' succeeded for root on /dev/???

So I tried to awk -F" :" ' $3 >= "18" && $4 >= "40" ' file then the result will show all the 18th hour . how to solve it
Last edited by unitipon; 05-24-2007 at 09:00 AM.. Reason: Misunderstand
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Inconsistent `ps -eaf -o args | grep -i sfs_pcard_load_file.ksh | grep -v grep | wc -l`

i have this line of code that looks for the same file if it is currently running and returns the count. `ps -eaf -o args | grep -i sfs_pcard_load_file.ksh | grep -v grep | wc -l` basically it is assigned to a variable ISRUNNING=`ps -eaf -o args | grep -i sfs_pcard_load_file.ksh |... (6 Replies)
Discussion started by: wtolentino
6 Replies

2. UNIX for Dummies Questions & Answers

Piping grep into awk, read the next line using grep

Hi, I have a number of files containing the information below. """"" Fundallinfo 6.3950 14.9715 14.0482 """"" I would like to grep for Fundallinfo and use it to read the next line? I ideally would like to read the three numbers that follow in the next line and... (2 Replies)
Discussion started by: Paul Moghadam
2 Replies

3. UNIX for Dummies Questions & Answers

Bash - CLI - grep - Passing result to grep through pipe

Hello. I want to get all modules which are loaded and which name are exactly 2 characters long and not more than 2 characters and begin with "nv" lsmod | (e)grep '^nv???????????? I want to get all modules which are loaded and which name begin with "nv" and are 2 to 7 characters long ... (1 Reply)
Discussion started by: jcdole
1 Replies

4. Shell Programming and Scripting

AWK/GREP: grep only lines starting with integer

I have an input file 12.4 1.72849432773174e+01 -7.74784188610632e+01 12.5 9.59432114416327e-01 -7.87018212757537e+01 15.6 5.20139995965960e-01 -5.61612429666624e+01 29.3 3.76696387248366e+00 -7.42896194101892e+01 32.1 1.86899877018077e+01 -7.56508762501408e+01 35 6.98857157014640e+00... (2 Replies)
Discussion started by: chrisjorg
2 Replies

5. UNIX for Dummies Questions & Answers

Advanced grep'in... grep for data next to static element.

I have a directory I need to grep which consists of numbered sub directories. The sub directory names change daily. A file resides in this main directory that shows which sub directories are FULL backups or INCREMENTAL backups. My goal is to grep the directory for the word "full" and then... (2 Replies)
Discussion started by: SysAdm2
2 Replies

6. UNIX for Dummies Questions & Answers

Difference between grep, egrep & grep -i

Hi All, Please i need to know the difference between grep, egrep & grep -i when used to serach through a file. My platform is SunOS 5.9 & i'm using the korn shell. Regards, - divroro12 - (2 Replies)
Discussion started by: divroro12
2 Replies

7. Shell Programming and Scripting

grep for certain files using a file as input to grep and then move

Hi All, I need to grep few files which has words like the below in the file name , which i want to put it in a file and and grep for the files which contain these names and move it to a new directory , full file name -C20091210.1000-20091210.1100_SMGBSC3:1000... (2 Replies)
Discussion started by: anita07
2 Replies

8. UNIX for Dummies Questions & Answers

| help | unix | grep (GNU grep) 2.5.1 | advanced regex syntax

Hello, I'm working on unix with grep (GNU grep) 2.5.1. I'm going through some of the newer regex syntax using Regular Expression Reference - Advanced Syntax a guide. ls -aLl /bin | grep "\(x\)" Which works, just highlights 'x' where ever, when ever. I'm trying to to get (?:) to work but... (4 Replies)
Discussion started by: MykC
4 Replies

9. UNIX for Dummies Questions & Answers

| help | unix | grep - Can I use grep to return a string with exactly n matches?

Hello, I looking to use grep to return a string with exactly n matches. I'm building off this: ls -aLl /bin | grep '^.\{9\}x' | tr -s ' ' -rwxr-xr-x 1 root root 632816 Nov 25 2008 vi -rwxr-xr-x 1 root root 632816 Nov 25 2008 view -rwxr-xr-x 1 root root 16008 May 25 2008... (7 Replies)
Discussion started by: MykC
7 Replies

10. Shell Programming and Scripting

MEM=`ps v $PPID| grep -i db2 | grep -v grep| awk '{ if ( $7 ~ " " ) { print 0 } else

Hi Guys, I need to set the value of $7 to zero in case $7 is NULL. I've tried the below command but doesn't work. Any ideas. thanks guys. MEM=`ps v $PPID| grep -i db2 | grep -v grep| awk '{ if ( $7 ~ " " ) { print 0 } else { print $7}}' ` Harby. (4 Replies)
Discussion started by: hariza
4 Replies
Login or Register to Ask a Question