[CentOS] Unable to grep 5 mins logs

ankush grover ankushcentos at gmail.com
Tue Jun 14 06:59:04 UTC 2011


>>
>> It is really slow when 2-3 greps are combined.
>>
>
> But it will do the job until you solve this with more elegance.
>
> What you can try is to compile search pattern from 2-3 date outputs so
> it will match the text in the log.
>
>
> dayname="$(date "+%a")"; month="$(date "+%b")"; time="$(date "+%d")";
> year="$(date "+%Y")";
> search1="$dayname  $month $time $year" # add spaces where needed and
> order parts properly to match log
> for (( i = 5; i>=0; i-- )) ; do
>     grep $(date "+%R" -d "-$i min") /var/ossec/logs/active-responses.log | grep $search1 >> /tmp/newlog.log
> done
>
> Also consider dropping parts like day as a name when you have day as a
> number to speed up.
>
> Ljubomir

Thanks a lot Ljubomir :)

The script is below

# Build the date part of the pattern ("Jun  14") from today's month and day.
month="$(date "+%b")"; time="$(date "+%d")"; year="$(date "+%Y")"
search1="$month  $time"
echo "$search1"
# For each of the last six minutes, grep the HH:MM string, then narrow by date and year.
for (( i = 5; i>=0; i-- )) ; do
    grep "$(date "+%R" -d "-$i min")" /var/ossec/logs/active-responses.log | grep "$search1" | grep "$year" >> /tmp/ossecactive.log
done
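A way to select the last five minutes by parsing each line's timestamp instead of grepping per-minute "HH:MM" strings (added example, not code from this thread; it assumes GNU date as shipped on CentOS and lines that begin with the default `date` output, and the sample log is constructed):

```shell
#!/bin/bash
# Select lines from an OSSEC active-responses.log whose timestamp falls in the
# last N minutes by converting the timestamp to epoch seconds and comparing it
# with a cutoff. Assumes GNU date and lines starting with the default `date`
# format, e.g. "Tue Jun 14 06:59:04 UTC 2011 ...".

# Usage: recent_lines FILE MINUTES [NOW_EPOCH]
# Prints lines with a timestamp in [NOW - MINUTES*60, NOW]. NOW_EPOCH defaults
# to the current time; pass it explicitly for repeatable runs.
recent_lines() {
    local file="$1" minutes="$2" now="${3:-$(date +%s)}"
    local cutoff=$(( now - minutes * 60 ))
    local line stamp ts
    while IFS= read -r line; do
        # Fields 1-6 are: weekday month day time zone year.
        stamp=$(printf '%s\n' "$line" | awk '{print $1, $2, $3, $4, $5, $6}')
        # Skip lines without a parseable timestamp (e.g. wrapped text).
        if ! ts=$(date -d "$stamp" +%s 2>/dev/null); then
            continue
        fi
        if [ "$ts" -ge "$cutoff" ] && [ "$ts" -le "$now" ]; then
            printf '%s\n' "$line"
        fi
    done < "$file"
}

# Constructed sample log (not real OSSEC output) for a stand-alone run.
write_sample_log() {
    cat > "$1" <<'EOF'
Tue Jun 14 06:52:10 UTC 2011 /var/ossec/active-response/bin/host-deny.sh add - 192.0.2.10 1308034330.1 5712
Tue Jun 14 06:55:00 UTC 2011 /var/ossec/active-response/bin/host-deny.sh add - 192.0.2.11 1308034500.2 5712
Tue Jun 14 06:58:59 UTC 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 198.51.100.7 1308034739.3 31151
this line has no timestamp and must be ignored
Tue Jun 14 07:10:00 UTC 2011 /var/ossec/active-response/bin/host-deny.sh delete - 192.0.2.10 1308035400.4 5712
EOF
}

# Number of sample lines in the 5 minutes before 06:59:04 UTC (expected: 2).
sample_match_count() {
    local tmp now
    tmp=$(mktemp)
    write_sample_log "$tmp"
    now=$(date -d "Tue Jun 14 06:59:04 UTC 2011" +%s)
    recent_lines "$tmp" 5 "$now" | wc -l
    rm -f "$tmp"
}
```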
