[CentOS] Unable to grep 5 mins logs
Ljubomir Ljubojevic
office at plnet.rs
Mon Jun 13 08:36:22 UTC 2011
John R Pierce wrote:
> On 06/13/11 12:36 AM, ankush grover wrote:
>> Hi Friends!
>>
>> I need to prepare a script which will grep logs from the current time
>> to previous 5 mins that is if the current time is Mon Jun 13 12:40:40
>> IST 2011 then all the logs between the interval Mon Jun 12:35 - 12:40
>> 2011 should be grepped by the script and append it to another file.
>> However, the below script is not able to grep the desired logs, so I
>> need some help in preparing the script. I am running Centos 5.2
>> 32-bit.
>>
>>
>>
>> for (( i = 5; i>=0; i-- )) ; do grep $(date "+%a %b %d %R %Y" -d "-$i
>> min") /var/ossec/logs/active-responses.log>> /tmp/newlog.log;done
>>
>>
>> /var/ossec/logs/active-responses.log format is below
>> Fri Jun 3 15:38:14 IST 2011
>> /var/ossec/active-response/bin/host-deny.sh add - 172.31.5.12
>> 1307095694.71353 31151
>> Fri Jun 3 15:38:14 IST 2011
>> /var/ossec/active-response/bin/firewall-drop.sh add - 172.31.5.12
>> 1307095694.71353 31151
>
> Well,
>
> $ i=5 date "+%a %b %d %R %Y" -d "-$i min"
> Mon Jun 13 00:46 2011
>
> so that probably won't work for matching the text in your logfiles...
>
>
Combine 2-3 greps:
for (( i = 5; i >= 0; i-- )); do
    # each stage narrows the input; the last one matches the HH:MM of the
    # i-th minute back. %e is used for the day because the log's day field is
    # space-padded ("Jun  3"), which %d ("03") would never match.
    grep "$(date "+%a" -d "-$i min")" /var/ossec/logs/active-responses.log \
        | grep "$(date "+%b" -d "-$i min")" \
        | grep "$(date "+%e" -d "-$i min")" \
        | grep "$(date "+%Y" -d "-$i min")" \
        | grep "$(date "+%R" -d "-$i min")" >> /tmp/newlog.log
done
Change the order of the greps to gain speed, cutting first on the part of
the line with the most hits.
Ljubomir
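An added example, not code from anyone in this thread: rather than matching a formatted date string (which fails on the seconds, the zone and the space-padded day), this script converts each entry's timestamp to epoch seconds with GNU date and keeps the lines whose time falls within the last N minutes. It assumes GNU date (as on CentOS) and the active-responses.log layout quoted above; the function name recent_lines, the sample log and the fixed "now" are constructed for the example.

```sh
#!/bin/sh
# Added example, not part of the thread: convert each entry's timestamp to
# epoch seconds with GNU date and keep the entries inside the wanted window.
# Assumes GNU date (CentOS) and the active-responses.log layout quoted above:
#   Fri Jun  3 15:38:14 IST 2011 /var/ossec/active-response/bin/host-deny.sh add - 172.31.5.12 ...

# recent_lines LOGFILE NOW MINUTES
#   NOW is any string GNU date accepts, e.g. "$(date)". Prints every line whose
#   leading timestamp (fields 1-6) lies in [NOW - MINUTES*60, NOW].
recent_lines() {
    log=$1
    now=$(date -d "$2" +%s) || return 1
    start=$(( now - $3 * 60 ))
    set -f    # no globbing while word-splitting log lines below
    while IFS= read -r line; do
        # Word-splitting collapses the space-padded day ("Jun  3"), so the
        # timestamp is always fields 1-6: weekday month day time zone year.
        set -- $line
        [ $# -ge 6 ] || continue        # continuation or malformed line
        ts=$(date -d "$1 $2 $3 $4 $5 $6" +%s 2>/dev/null) || continue
        if [ "$ts" -ge "$start" ] && [ "$ts" -le "$now" ]; then
            printf '%s\n' "$line"
        fi
    done < "$log"
    set +f
}

# Constructed sample log (not real data) with a fixed "now", so the result is
# reproducible; on a live box call recent_lines with "$(date)" instead.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Fri Jun  3 15:38:14 UTC 2011 /var/ossec/active-response/bin/host-deny.sh add - 172.31.5.12 1307115494.71353 31151
Mon Jun 13 12:35:39 UTC 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 10.0.0.8 1307968539.1 31151
Mon Jun 13 12:35:40 UTC 2011 /var/ossec/active-response/bin/host-deny.sh add - 10.0.0.8 1307968540.2 31151
Mon Jun 13 12:38:14 UTC 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 10.0.0.9 1307968694.3 31151
malformed line with no timestamp
Mon Jun 13 12:40:40 UTC 2011 /var/ossec/active-response/bin/host-deny.sh delete - 10.0.0.8 1307968840.4 31151
Mon Jun 13 12:41:00 UTC 2011 /var/ossec/active-response/bin/firewall-drop.sh delete - 10.0.0.9 1307968860.5 31151
EOF
NOW="Mon Jun 13 12:40:40 UTC 2011"

# Prints the three entries from 12:35:40 to 12:40:40 inclusive.
recent_lines "$SAMPLE_LOG" "$NOW" 5
# Live use, matching the thread's script:
#   recent_lines /var/ossec/logs/active-responses.log "$(date)" 5 >> /tmp/newlog.log
```

Because the comparison is on epoch seconds, the window is exact (NOW minus 300 seconds up to NOW), it works across midnight and month boundaries, and continuation lines without a timestamp are simply skipped instead of being silently dropped by a mismatched grep pattern.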