LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 12-12-2006, 02:31 PM   #1
zok
Member
 
Registered: Sep 2006
Posts: 42

Rep: Reputation: 15
Simple bash script help


I wrote up a simply script to find out which users have and have not logged into our mail server over the past month. It works if I only analyze one log file ('checklist' is a list of usernames we want to check):

userlist=`cat checklist`
for user in $userlist; do
if grep "Login: $user " /var/log/dovecot.imap.info.log.1 > /dev/null; then
echo $user has logged on
else
echo $user has NOT logged on
fi
done


The problem is that we have a lot of log files to go through, and when I try to use a wildcard in the filename to search through all the logs (var/log/dovecot.*.info.log.*) it doesn't work. I don't know exactly what's happening, but it incorrectly reports that accounts have logged in that I know have not. Does anyone know how I can modify this script to search through multiple log files to find any instance of "Login: $user "?

Thanks,
Jason
 
Old 12-12-2006, 02:46 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

Remove the /dev/null redirection and add -n, so you can see where and in which file the grep is picking up false positives:

Code:
if grep -n "Login: $user " /var/log/dovecot.*.info.log.*; then
Dave
 
Old 12-14-2006, 02:03 PM   #3
zok
Member
 
Registered: Sep 2006
Posts: 42

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by ilikejam
Hi.

Remove the /dev/null redirection and add -n, so you can see where and in which file the grep is picking up false positives:

Code:
if grep -n "Login: $user " /var/log/dovecot.*.info.log.*; then
Dave
Thanks for the advice; unfortunately, this doesn't seem to help. There is no output from the grep statement for the false positives, but the script still says the user has logged on. It's as if for some reason the exit status of the grep command is positive -- at some point, somehow, when going through the various log files -- even though it doesn't actually find a match. For example:

$ sudo ./activeacct
root has logged on
daemon has logged on
adm has logged on
sync has logged on
shutdown has logged on
/var/log/dovecot.imap.info.log.21.gz:3897:imap-login: Nov 23 10:57:58 Info: Login: jjames [130.X.X.X]
jjames has logged on
skane1 has logged on

As you can see, grep does find something for jjames and correctly reports that he has logged on, but it doesn't find anything for daemon, adm, sync, etc, yet still reports that they have logged on. (By the way, I'm using zgrep instead of grep, since most of the logs are zipped).
 
Old 12-15-2006, 10:02 AM   #4
dimsum
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Rep: Reputation: 15
Quote:
Originally Posted by zok
It's as if for some reason the exit status of the grep command is positive -- at some point, somehow, when going through the various log files -- even though it doesn't actually find a match.
You're right. Look at this example (there is no 'poppy' in either of the mail.info.*)

~[user@host]if zgrep poppy mail.info.1.gz; then echo yes; else echo no; fi
no
~[user@host]if zgrep poppy mail.info.2.gz; then echo yes; else echo no; fi
no
~[user@host]if zgrep poppy mail.info.1.gz mail.info.2.gz; then echo yes; else echo no; fi
yes
~[user@host]


So, as you see, when grep has more than one file argument, its exit status is true. I don't know why this is, but you can fix it with something like:

if gunzip -c mail.info* | grep "Login: poppy"; then echo yes; else echo no; fi


So the wildcard expansion is done for the arguments to gzip, and grep checks stdin for your usernames. But you'll need to make a special case in your script for the non-zipped logfiles, or figure out a more elegant way of doing it.
 
Old 12-15-2006, 11:56 AM   #5
R Estrada
LQ Newbie
 
Registered: Feb 2006
Posts: 1

Rep: Reputation: 0
I suggest trying this. You can adjust the find command to include other directories and files.

for i in `find /var/log/ -name dovecot.\*.log\*`
do
for user in `cat checklist`
do
if grep "Login: $user " $i >/dev/null 2>&1
then
echo "$user has logged on"
else
echo "$user has NOT logged on"
fi
done
done

HTH.
Rey
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need simple bash script help rickenbacherus Linux - General 1 11-01-2006 02:44 AM
Simple bash script lp449 Linux - Networking 3 08-02-2005 04:25 PM
Simple Bash Script Help njdownes Programming 2 03-05-2005 07:35 AM
Simple Bash Script dmedici Programming 9 12-31-2004 03:48 AM
Help with simple bash script - please tw001_tw Linux - Software 5 12-19-2004 09:02 PM


All times are GMT -5. The time now is 04:49 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration