LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 03-19-2012, 02:08 AM   #1
rhadmn
Member
 
Registered: Oct 2009
Location: Bangalore
Distribution: Redhat Linux, Solaris, CentOS
Posts: 32

Rep: Reputation: 1
How to fetch entries in a log file for a particular period of time ?


Hi Team,

I would like to know with the help of shell script how can we find entries in a log file for a period of time.

Say Example : I wish to extract the log entries from 01:05:00 to 02:08:00.

Note:- My log file is a huge one and it contains approx 100 lines/sec.


Log File Look Like Below:-

<7763> <09/08/2010 00:00:03.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 00:00:03.390> (9)SMS:Read SMS<38>[100](
<7763> <09/08/2010 00:00:03.390> (9)SMS:Receive Request[100](


Thanks In Advance.
 
Old 03-19-2012, 02:54 AM   #2
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Slackware, CentOS, Ubuntu, Fedora, Timesys, Linux From Scratch
Posts: 1,777
Blog Entries: 20

Rep: Reputation: 115Reputation: 115
A limited ability to select log entries can be done with the grep command. It won't be so simple as identify first and last times. Given the out of order timestamp format, you will need to code some complex conversion. You might use the awk language for that. What scripting languages do you know?
 
Old 03-19-2012, 03:38 AM   #3
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374
Hi,

Regular expressions are your friend, although you need to be careful with false hits.

You only posted a limited example and I assume that the lines are (a lot?) longer then shown.

This seems to work for the layout given:
Code:
awk '/ 01:(0[5-9]|[1-5][0-9]):[[:digit:].]+> / { print $0 } ; / 02:0[0-8]:[[:digit:].]+> / { print $0 }' infile
Example:
Code:
$ cat infile
<7763> <09/08/2010 00:00:00.390> (9)SMS:Read SMS<38>[100]( 
<7763> <09/08/2010 01:03:00.390> (9)SMS:Receive Request[100](
<7763> <09/08/2010 01:05:00.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 01:30:02.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 01:59:59.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 02:00:00.390> (9)SMS:Read SMS<38>[100]( 
<7763> <09/08/2010 02:08:00.390> (9)SMS:Receive Request[100](
<7763> <09/08/2010 02:08:59.390> (9)SMS:Receive Request[100](
<7763> <09/08/2010 02:09:00.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 10:00:00.390> (9)SMS:Read SMS<38>[100]( 
<7763> <09/08/2010 23:00:00.390> (9)SMS:Receive Request[100](

$ awk '/ 01:(0[5-9]|[1-5][0-9]):[[:digit:].]+> / { print $0 } ; / 02:0[0-8]:[[:digit:].]+> / { print $0 }' infile
<7763> <09/08/2010 01:05:00.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 01:30:02.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 01:59:59.389> (9)SMS:Read SMS size<38>[4](*********)
<7763> <09/08/2010 02:00:00.390> (9)SMS:Read SMS<38>[100]( 
<7763> <09/08/2010 02:08:00.390> (9)SMS:Receive Request[100](
<7763> <09/08/2010 02:08:59.390> (9)SMS:Receive Request[100](
Hope this helps.
 
1 members found this post helpful.
Old 03-19-2012, 05:43 AM   #4
rhadmn
Member
 
Registered: Oct 2009
Location: Bangalore
Distribution: Redhat Linux, Solaris, CentOS
Posts: 32

Original Poster
Rep: Reputation: 1
Hi Druuna,

I liked that combination and it really worked for me after doing certain changes.

Thanks a lot for the same.

Thank you Skaperan for looking into the same & for the quick response.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Checking Log Entries for Specific Time Duration devUnix Programming 2 02-02-2012 04:49 PM
secure log file entries not appearing in loganalyzer kaplan71 Linux - Software 4 10-05-2010 01:52 PM
a command or way to log time of iptables LOG entries? dividingbyzero Linux - Security 3 06-06-2008 01:23 AM
Apache log file - logging entries late kirtimaan_bkn Linux - Newbie 1 12-10-2006 05:28 PM
Weird entries in log file KennyK Linux - Security 4 10-17-2003 08:28 PM


All times are GMT -5. The time now is 04:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration