AIX UNIX - script on how to extract from log file with previous date


 
# 1  
Old 12-18-2014

Hello,

I am new to this forum so any assistance would help.

I am currently trying to develop a script that extracts all data from a log file which has the previous day's date.
Code:
$ <root@aixtest3> /var/log > more sudo.log
May  13 10:52:10 aixtest3 local2:notice sudo:   tbrath : TTY=unknown ;  PWD=/prodenvdumps ; USER=root ; COMMAND=/usr/bin/su - sybtest3
Dec 15 14:10:38 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/smit
Dec 15 14:10:38 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/smit
Dec 15 14:10:59 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/smit
Dec 15 14:10:59 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/smit
Dec  16 14:58:33 aixtest3 local2:notice sudo:   klewis : TTY=unknown ;  PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su - sybtest3
Dec 16 14:58:33 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/su - sybtest3
Dec  17 15:08:04 aixtest3 local2:alert sudo:   klewis : command not allowed ;  TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su -  tbrath
Dec 17 15:08:04 : klewis : command not allowed ; TTY=unknown ; PWD=/home/klewis
    ; USER=root ; COMMAND=/usr/bin/su - tbrath
Dec  18 07:25:09 aixtest3 local2:notice sudo:   klewis : TTY=unknown ;  PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su - sybtest3
Dec 18 07:25:09 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/su - sybtest3
Dec 18 07:25:41 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/smit
Dec 18 07:25:41 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/smit

Above is sample data from the log file. Essentially I would like to have all data with the previous date (in this case is Dec 17) extracted and output to a new file. Script should be able to do this regardless of what the previous day is.

Any help please!!!

# 2  
Old 12-18-2014
Code:
Dec  17 15:08:04...
Dec 17 15:08:04 ...

Is that an artefact in copy/paste?
# 3  
Old 12-18-2014
Quote:
Originally Posted by Kslew82
Essentially I would like to have all data with the previous date (in this case is Dec 17) extracted and output to a new file. Script should be able to do this regardless of what the previous day is.
This boils down to using "grep" to filter out all the lines starting with a certain date. The command to get dates is "date", but the AIX-"date" lacks (like any POSIX-compatible "date"-command) the "-d" option of the GNU-"date". Still, it is possible to modify the "TZ"-variable (timezone) to achieve what you want. Notice:

Code:
# TZ=GMT date
Thu Dec 18 15:20:28 GMT 2014
# TZ=GMT-24 date
Fri Dec 19 15:20:35 GMT 2014
# TZ=GMT+24 date
Wed Dec 17 15:20:41 GMT 2014

I have no AIX-machine at hand, so I can't look up the exact format-string, but you can easily do that yourself: look up the man page of "date" to find out "date" and then do (depending on your timezone put in some number to get the last day):

Code:
grep "^$(TZ=GMT+<num> date +'<some-format>')" /path/to/logfile

I hope this helps.

bakunin
# 4  
Old 12-23-2014
Hello bakunin,

Here is what I tried but I didn't get any results:
Code:
grep "^$ (GMT+24 date+'%d/%m/%Y')" /var/log/sudo.log

Should this also grep the data associated with the previous day's date?

Kslew82
# 5  
Old 12-23-2014
Hello Kslew82,

Could you please try the following? You can use 1 day ago in place of 5 days ago. Let me know if this helps.
Code:
awk -vDATE="$(date -d"5 days ago" +%b" "%d)" '{if($1 OFS $2 ~ DATE){print $0}}'  Input_file

Output will be as follows.
Code:
Dec  18 07:25:09 aixtest3 local2:notice sudo:   klewis : TTY=unknown ;  PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su - sybtest3
Dec 18 07:25:09 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
Dec 18 07:25:41 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/smit
Dec 18 07:25:41 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;

Thanks,
R. Singh
# 6  
Old 12-23-2014
Hi Ravinder,

Thanks for your swift response.

I tried the command you provided but I got the below result:
Code:
$ <root@aixtest3> /var/log > awk -vDATE="$(date -d"5 days ago" +%b" "%d)" '{if($1 OFS $2 ~ DATE){print $0}}' /var/log/sudo.log
date: Not a recognized flag: d
Usage: date [-n][-u] [mmddHHMM[[cc]yy]] [+"Field Descriptors"]
Usage: date [-n][-u] [mmddHHMM[.SS[cc]yy]] [+"Field Descriptors"]
Usage: date [-a] [[+|-]sss.fff]
May 13 10:52:10 aixtest3 local2:notice sudo:   tbrath : TTY=unknown ; PWD=/prodenvdumps ; USER=root ; COMMAND=/usr/bin/su - sybtest3
Dec 15 14:10:38 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/smit
Dec 15 14:10:38 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/smit
Dec 15 14:10:59 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/smit
Dec 15 14:10:59 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/smit
Dec 16 14:58:33 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su - sybtest3
Dec 16 14:58:33 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/su - sybtest3
Dec 17 15:08:04 aixtest3 local2:alert sudo:   klewis : command not allowed ; TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su - tbrath
Dec 17 15:08:04 : klewis : command not allowed ; TTY=unknown ; PWD=/home/klewis
    ; USER=root ; COMMAND=/usr/bin/su - tbrath
Dec 18 07:25:09 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su - sybtest3
Dec 18 07:25:09 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/su - sybtest3
Dec 18 07:25:41 aixtest3 local2:notice sudo:   klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/smit
Dec 18 07:25:41 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;

Any reason for this?

Kslew82

---------- Post updated at 11:03 AM ---------- Previous update was at 11:02 AM ----------

It pulled everything and not the specific day required.
# 7  
Old 12-23-2014
Hello kslew82,

Seems you are not using GNU date. Could you please try the following and let me know if this helps.
Code:
awk -vDATE="$((`date +%d` -5))" '($2 == DATE){print}'  Input_file

Thanks,
R. Singh
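
Added example, not part of any post in this thread: a POSIX sh sketch of the approach discussed above, using the TZ shift instead of GNU `date -d` and awk field matching so that both the `Dec  17` and `Dec 17` spellings and the indented continuation lines stay with their entry. The function names (`yesterday_stamp`, `extract_day`, `write_sample`) and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: yesterday_stamp, extract_day and write_sample are hypothetical names.

# Month and day 24 hours ago, using the TZ shift from the thread (no GNU "date -d").
# Assumption: the result is relative to GMT, so on a host that logs in another
# zone it can be off by one day near midnight; adjust the offset to compensate.
yesterday_stamp() {
    LC_ALL=C TZ=GMT+24 date '+%b %d'
}

# Print every entry for month $1, day $2 from file $3.
# awk splits on runs of blanks, so "Dec  17" and "Dec 17" both match, and the
# day is compared numerically so "07" equals "7". Indented lines are wrapped
# continuations and follow the decision made for the entry above them.
extract_day() {
    awk -v mon="$1" -v day="$2" '
        /^[ \t]/ { if (keep) print; next }
        { keep = ($1 == mon && $2 + 0 == day + 0) }
        keep
    ' "$3"
}

# Constructed sample in the same layout as the sudo.log excerpt in the question.
write_sample() {
    cat > "$1" <<'EOF'
Dec 16 14:58:33 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/su - sybtest3
Dec  17 15:08:04 aixtest3 local2:alert sudo:   klewis : command not allowed ;  TTY=unknown ; PWD=/home/klewis ; USER=root ; COMMAND=/usr/bin/su -  tbrath
Dec 17 15:08:04 : klewis : command not allowed ; TTY=unknown ; PWD=/home/klewis
    ; USER=root ; COMMAND=/usr/bin/su - tbrath
Dec 18 07:25:09 : klewis : TTY=unknown ; PWD=/home/klewis ; USER=root ;
    COMMAND=/usr/bin/su - sybtest3
EOF
}

sample=${TMPDIR:-/tmp}/sudo_sample.$$
write_sample "$sample"
extract_day Dec 17 "$sample"      # fixed day, to match the constructed sample
# On a real host: set -- $(yesterday_stamp); extract_day "$1" "$2" /var/log/sudo.log
rm -f "$sample"
```

Because these log lines carry no year, a log that spans more than twelve months will also return the same calendar day from earlier years.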
 