LinuxQuestions.org
Old 04-03-2007, 02:35 AM   #1
graziano1968
Member
 
Registered: Sep 2004
Posts: 223

Rep: Reputation: 30
grepping a log file


Hello

I have an assp log file which contains spam score data for each log line like this

Apr-3-07 03:32:31 PB: 205.158.154.152 score: 0+15 => 15 reason:205.158.154.152:RelayAttempt

I would like to grep/sed only those messages which have score > 20,


for example

Apr-3-07 03:32:31 PB: 205.158.154.152 score: 30+15 => 45 reason:205.158.154.152:RelayAttempt

should be shown.

How do I do that, please?

Thanks !

Last edited by graziano1968; 04-03-2007 at 02:36 AM.
 
Old 04-03-2007, 03:05 AM   #2
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
Hi there! awk should solve your problem. I'm not really good at it but I've tried the code below and it worked. There may be other solutions nicer than this one.

Code:
awk '{if ($8 > 20) print $1,$2,$3,$4,$5,$6,$7,$8,$9}' logfile
 
Old 04-03-2007, 12:33 PM   #3
graziano1968
Member
 
Registered: Sep 2004
Posts: 223

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by yongitz
Hi there! awk should solve your problem. I'm not really good at it but I've tried the code below and it worked. There may be other solutions nicer than this one.

Code:
awk '{if ($8 > 20) print $1,$2,$3,$4,$5,$6,$7,$8,$9}' logfile

f a n t a s t i c , thanks!
 
Old 04-03-2007, 12:48 PM   #4
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

Rep: Reputation: 128
Quote:
Originally Posted by yongitz
Hi there! awk should solve your problem. I'm not really good at it but I've tried the code below and it worked. There may be other solutions nicer than this one.

Code:
awk '{if ($8 > 20) print $1,$2,$3,$4,$5,$6,$7,$8,$9}' logfile
A slight refinement might be
Code:
awk '{if ($8 > 20) print $0}' logfile
 
Old 04-04-2007, 01:52 AM   #5
yongitz
Member
 
Registered: Nov 2005
Location: Davao City, Philippines
Distribution: RHEL, CentOS, Ubuntu, Mint
Posts: 139

Rep: Reputation: 20
Quote:
Originally Posted by pwc101
A slight refinement might be
Code:
awk '{if ($8 > 20) print $0}' logfile
A very nice refinement..

Cheers!
 
Old 04-04-2007, 03:51 AM   #6
graziano1968
Member
 
Registered: Sep 2004
Posts: 223

Original Poster
Rep: Reputation: 30
more difficult

suppose I have to accept the result only if the line before had "domain.com" in it

I tried

Code:
awk '{if ($8 > 1 && grep -B1 "domain.com"!="" ) print $0}'
but it does not work

Last edited by graziano1968; 04-04-2007 at 04:35 AM.
 
Old 04-04-2007, 04:13 AM   #7
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

Rep: Reputation: 128
I had something similar come up the other day, this is how I did it:
Code:
awk '/domain\.com/ {print $0}'
edit: you need to escape the dot otherwise it'll find "domain com" as well as "domain.com"

edit 2: that'll teach me for not reading your post correctly! You wanted it only if the line before it also contained domain.com. Sorry, my mistake! I think sed might be your friend here.

Last edited by pwc101; 04-04-2007 at 04:19 AM.
 
Old 04-04-2007, 04:35 AM   #8
graziano1968
Member
 
Registered: Sep 2004
Posts: 223

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by pwc101
I had something similar come up the other day, this is how I did it:
Code:
awk '/domain\.com/ {print $0}'
edit: you need to escape the dot otherwise it'll find "domain com" as well as "domain.com"

edit 2: that'll teach me for not reading your post correctly! You wanted it only if the line before it also contained domain.com. Sorry, my mistake! I think sed might be your friend here.
Thank you, yes I am trying to get the result only if the line before contains domain.com

for example

Apr-4-07 05:13:29 88.227.8.201 <murbrianmorrowhat@brianmorrow.com> recipient delayed: mrodriguez@domain.com
Apr-4-07 05:13:39 PB: 88.227.8.201 score: 0+150 => 150 reason:LimitingIPFrequency


Apr-4-07 05:13:39 PB: 88.227.8.201 score: 0+150 => 150 reason:LimitingIPFrequency
should be shown/returned because the line before contains domain.com

In this other case
Apr-4-07 05:13:29 88.227.8.201 <murbrianmorrowhat@brianmorrow.com> recipient delayed: mrodriguez@yahoo.com
Apr-4-07 05:13:39 PB: 88.227.8.201 score: 0+150 => 150 reason:LimitingIPFrequency

the command should return nothing because domain.com is not on the line before.


Thanks

Last edited by graziano1968; 04-04-2007 at 04:37 AM.
 
Old 04-04-2007, 08:49 AM   #9
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Haven't tried this, but maybe this'll inspire you...
Code:
awk 'BEGIN {printNext=0} {if (printNext && $8 > 20) print $0; printNext=0} /domain\.com/ {printNext=1}' logfile
For readability, you might want to put everything between the single quotes in a file and use awk's -f option
to run the awk commands from that file.

I'm not entirely sure of the syntax either. You may need to put a $ before printNext, for instance.
 
Old 04-04-2007, 10:18 AM   #10
SlowCoder
Senior Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Debian based
Posts: 1,250

Rep: Reputation: 164
I'm no expert, but here's what I'd try ...

grep -A1 'domain\.com' logfile | awk '{if ($8 > 20) print $0}'

Would that work?
 
Old 12-07-2011, 04:57 AM   #11
Vinoth P Gounder
LQ Newbie
 
Registered: Feb 2011
Posts: 2

Rep: Reputation: 0
grepping log

awk '/domain\.com/ {print $0}'
 
Old 12-08-2011, 02:52 AM   #12
trey85stang
Senior Member
 
Registered: Sep 2003
Posts: 1,091

Rep: Reputation: 41
Quote:
Originally Posted by graziano1968
more difficult

suppose I have to accept the result only if the line before had "domain.com" in it

I tried

Code:
awk '{if ($8 > 1 && grep -B1 "domain.com"!="" ) print $0}'
but it does not work
Code:
awk '{if($8 > 1) {if(hold ~ /domain\.com/) {print $0}} hold=$0}' filename
for readability
Code:
awk '{
  if ( $8 > 1 )
  { if ( hold ~ /domain\.com/ )
    { print $0
    }
  }
  hold=$0
}' filename

Last edited by trey85stang; 12-08-2011 at 02:54 AM. Reason: add code tags...
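
A stricter form of the "score above a threshold, only if the line before names domain.com" filter discussed in this thread, as an added example that is not part of any post. The function names `pb_after_rcpt` and `sample_log`, the shortened sender addresses and the 192.0.2.x addresses are constructed; the field positions are assumed from the two log line shapes quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Field positions are inferred from the
# two line shapes the original poster quoted.

# pb_after_rcpt DOMAIN MIN_SCORE [FILE]   (reads stdin when FILE is omitted)
# Print PB score lines with total > MIN_SCORE whose preceding line is a
# "recipient delayed:" line for a recipient at exactly DOMAIN, same client IP.
pb_after_rcpt() {
    awk -v dom="$1" -v min="$2" '
    {
        # Score line shape: date time PB: ip score: a+b => total reason:...
        # Checking the literal fields keeps other line types out, and
        # $8 + 0 forces a numeric (not string) comparison.
        if ($3 == "PB:" && $5 == "score:" && $7 == "=>" && $8 ~ /^[0-9]+$/)
            if ($8 + 0 > min + 0 && prev_ok && $4 == prev_ip)
                print

        # Does the CURRENT line qualify as the "line before" for the next one?
        prev_ok = 0; prev_ip = ""
        if (NF >= 7 && $(NF-2) == "recipient" && $(NF-1) == "delayed:") {
            n = split($NF, part, "@")
            # Exact, case-insensitive match on the recipient domain only; the
            # sender address is chosen by the remote side and must not count.
            if (n == 2 && tolower(part[2]) == tolower(dom)) {
                prev_ok = 1; prev_ip = $3
            }
        }
    }' ${3:+"$3"}
}

# Constructed sample log; the first pair follows the shape quoted in the thread.
sample_log() {
    cat <<'EOF'
Apr-4-07 05:13:29 88.227.8.201 <a@brianmorrow.com> recipient delayed: mrodriguez@domain.com
Apr-4-07 05:13:39 PB: 88.227.8.201 score: 0+150 => 150 reason:LimitingIPFrequency
Apr-4-07 05:14:01 192.0.2.10 <b@example.org> recipient delayed: someone@yahoo.com
Apr-4-07 05:14:02 PB: 192.0.2.10 score: 0+150 => 150 reason:LimitingIPFrequency
Apr-4-07 05:15:01 192.0.2.11 <spoof@domain.com> recipient delayed: someone@example.net
Apr-4-07 05:15:02 PB: 192.0.2.11 score: 0+150 => 150 reason:LimitingIPFrequency
Apr-4-07 05:16:01 192.0.2.12 <c@example.org> recipient delayed: info@domain.com
Apr-4-07 05:16:02 PB: 192.0.2.12 score: 0+15 => 15 reason:192.0.2.12:RelayAttempt
EOF
}

sample_log | pb_after_rcpt domain.com 20
```

With the constructed input only the first PB line is printed; the pair whose sender is `spoof@domain.com` is skipped, whereas a test of the whole previous line against `domain\.com` would print it.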
 
  

