[CentOS] Unable to grep 5 mins logs

Ljubomir Ljubojevic office at plnet.rs
Mon Jun 13 22:49:23 UTC 2011


ankush grover wrote:
> Combine 2-3 greps:
>> for (( i = 5; i>=0; i-- )) ; do grep "$(date "+%a")" /var/ossec/logs/active-responses.log |
>> grep "$(date "+%b")" | grep "$(date "+%d")" | grep "$(date "+%Y")" |
>> grep "$(date "+%R" -d "-$i min")" >> /tmp/newlog.log; done
>>
>> Change order of greps to gain speed at first cutting part of lines with
>> most hits.
>>
>> Ljubomir
> 
> It is really slow when 2-3 greps are combined.
> 

But it will do the job until you solve this with more elegance.

What you can try is to compile a search pattern from 2-3 date outputs so
it will match the text in the log.


dayname="$(date "+%a")"; month="$(date "+%b")"; time="$(date "+%d")";
year="$(date "+%Y")";
# add spaces where needed and order parts properly to match log
search1="$dayname  $month $time $year"
# quote both patterns so the spaces in them are not split into extra arguments
for (( i = 5; i>=0; i-- )) ; do
  grep "$(date "+%R" -d "-$i min")" /var/ossec/logs/active-responses.log | grep "$search1" >> /tmp/newlog.log
done

Also consider dropping parts like the day name when you already have the
day as a number, to speed things up.

Ljubomir
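
Added example, not part of the original message: the loop above reads the log once per minute, while this sketch builds one extended-regex alternation covering all six minute stamps and reads the file once. It assumes GNU date and that every log line begins with default `date` output in the C locale (for example "Mon Jun 13 22:49:23 UTC 2011"); the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: each line starts with "%a %b %e %H:%M:%S %Z %Y" (plain `date`).

# minute_pattern MINUTES [NOW_EPOCH]
# Prints an ERE matching any line stamped from NOW-MINUTES through NOW.
minute_pattern() {
    minutes=$1
    now=${2:-$(date +%s)}
    alts=""
    i=$minutes
    while [ "$i" -ge 0 ]; do
        # Epoch arithmetic handles hour, day and year rollover correctly.
        # Seconds and the zone name are left as wildcards in each alternative.
        stamp=$(LC_ALL=C date -d "@$((now - i * 60))" \
                "+%a %b %e %H:%M:[0-9]{2} [^ ]+ %Y")
        alts="${alts:+$alts|}$stamp"
        i=$((i - 1))
    done
    # Anchor at line start so a timestamp quoted later in a line cannot match.
    printf '^(%s) ' "$alts"
}

# recent_lines FILE MINUTES [NOW_EPOCH]
# Single pass over FILE; prints only lines from the last MINUTES minutes.
recent_lines() {
    grep -E -- "$(minute_pattern "$2" "${3:-}")" "$1"
}

# Constructed sample lines (not real OSSEC output).
sample_log() {
    cat <<'EOF'
Mon Jun 13 22:43:59 UTC 2011 firewall-drop.sh add - 192.0.2.10
Mon Jun 13 22:44:00 UTC 2011 firewall-drop.sh add - 192.0.2.11
Sun Jun 13 22:47:10 UTC 2010 firewall-drop.sh add - 192.0.2.12
Mon Jun 13 22:49:23 UTC 2011 firewall-drop.sh delete - 192.0.2.10
EOF
}

# Usage against the log from this thread:
#   recent_lines /var/ossec/logs/active-responses.log 5 >> /tmp/newlog.log
```

The timestamps are generated in the system's local time zone, so run it on the host that wrote the log or set TZ to match.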


