LinuxQuestions.org
Old 06-24-2011, 01:12 PM   #1
noobee26
LQ Newbie
 
Registered: Jun 2011
Posts: 7

Rep: Reputation: Disabled
Searching var/log/updates.log using grep


What I am using

grep -B 1 -A 2 "Installed" /var/log/updates.log

Instead of tailing the log, is there a way to grep all lines of the log with the word Installed AND today's date? Also, what about grepping lines of the log that contain a specific date and more than one word, for example ('Installed' or 'Failed' on '2011-06-24')?

Any help on this would be appreciated.
 
Old 06-24-2011, 01:48 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 476
@ Reply

Hi there,

You can either use the following command:

egrep "syslogd.*restart|restart.*syslogd" /var/log/messages

The above command will look for the lines which contain both syslogd and restart

or you can use the following command with grep:

grep -E "syslogd.*restart|restart.*syslogd" /var/log/messages

Same result as that of first command.

I hope this helps.
 
1 members found this post helpful.
Old 06-24-2011, 01:49 PM   #3
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 495

Rep: Reputation: 212
Try something like this:

Code:
egrep '(Installed|Failed).*2011-06-24.*' /var/log/updates.log
That regex would work if the message starts with 'Installed' or 'Failed' and the date comes after.
 
1 members found this post helpful.
Old 06-24-2011, 02:24 PM   #4
noobee26
LQ Newbie
 
Registered: Jun 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
Looks better but date is not producing any results

Diantre,

The lines in the log begin with the date format as follows:

Fri Jun 24 05:33:01

How do I incorporate that to my egrep versus using the 2011-06-24?

Thanks!!
 
Old 06-24-2011, 02:28 PM   #5
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 495

Rep: Reputation: 212
Quote:
Originally Posted by noobee26 View Post
The lines in the log begin with the date format as follows:

Fri Jun 24 05:33:01

How do I incorporate that to my egrep versus using the 2011-06-24?
That depends on what you want to match exactly. Why don't you post a couple of lines of the log so I can give you a more precise answer?

For instance, you may want to match log entries in June only, or with a certain time interval. If you don't care about the dates and only want to see entries with the words 'Installed' or 'Failed' use this:

Code:
egrep '.*(Installed|Failed)' /var/log/updates.log
That will match any amount of characters at the beginning and will stop matching when it finds either 'Installed' or 'Failed'.

Last edited by Diantre; 06-24-2011 at 02:45 PM.
 
Old 06-24-2011, 02:45 PM   #6
noobee26
LQ Newbie
 
Registered: Jun 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
2 lines of code from updates.log

Fri Jun 24 05:31:12 PJT 2011:root: Checking for separate tim files...
Fri Jun 24 05:31:12 PJT 2011:root: No separate tim files found!
 
Old 06-24-2011, 02:47 PM   #7
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 495

Rep: Reputation: 212
noobee26, I just edited my previous post with more info, see if that works for you.
 
Old 06-24-2011, 02:57 PM   #8
noobee26
LQ Newbie
 
Registered: Jun 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
Diantre,

I tried this
egrep '.*(Installed|Failed)' /var/log/updates.log
It displays results but I only need a specific date range, how do I do that given the new format?
 
Old 06-24-2011, 02:58 PM   #9
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 495

Rep: Reputation: 212
Quote:
Originally Posted by noobee26 View Post
Instead of tailing the log is there a way to grep all lines of the log with word Installed AND today's date?
I just re-read your original post and I see you want today's date. Sorry about that. Maybe this one will help:

Code:
egrep '.*Jun 24.*(Installed|Failed)' /var/log/updates.log
The dot (.) character means 'any character', the asterisk (*) is a modifier that means '0 or more times'. So that regex would read, "match any amount of characters at the beginning of the string, then match 'Jun 24', then any amount of characters, then match either 'Installed' or 'Failed'", then stops matching.
 
Old 06-24-2011, 03:15 PM   #10
noobee26
LQ Newbie
 
Registered: Jun 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
When I use

egrep '.*Jun 24.*(Installed|Failed)' /var/log/updates.log
at the command line and press enter to execute I am taken to the next line of the command line, nothing displays. There are updates in the log from today.

tim11083.1: Installed successfully!
 
Old 06-24-2011, 03:25 PM   #11
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 495

Rep: Reputation: 212
If nothing is displayed it means nothing is matched. Perhaps the log entry is slightly different and the regex is not matching.

I just tried it in my system like this:

Code:
egrep '.*Jun 24.*(events|daemon)' /var/log/messages
And it works for me, I got a few matches. Show me a few lines of your log again, but ones containing the words you want to match.
 
Old 06-24-2011, 03:34 PM   #12
noobee26
LQ Newbie
 
Registered: Jun 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
here is a piece for May


tim11052.prn file found -- converting to tim11052.ps
Thu May 5 13:45:21 PJT 2011:root: Print job request: tim11052.ps
tim11052.1: Installed successfully!
 
Old 06-24-2011, 05:26 PM   #13
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 495

Rep: Reputation: 212
Quote:
Originally Posted by noobee26 View Post
tim11052.prn file found -- converting to tim11052.ps
Thu May 5 13:45:21 PJT 2011:root: Print job request: tim11052.ps
tim11052.1: Installed successfully!
Ok. The regex wasn't matching because the "Installed successfully!" text is in another line. This command will match lines with "May 5" and "Installed" or "Failed" in them:

Code:
egrep '.*May 5.*|(Installed|Failed)' /var/log/updates.log
 
Old 06-27-2011, 12:15 PM   #14
noobee26
LQ Newbie
 
Registered: Jun 2011
Posts: 7

Original Poster
Rep: Reputation: Disabled
Diantre,

That is working. But if I use that egrep with the log and updates have run on different days post Jun 23, then I will see any update that has 'Installed' or 'Failed' in the line regardless of date. Is there a way to egrep the log to make only 'Installed|Failed' display for that specific date range?

Thanks for all the help with this, you have helped a lot
 
Old 06-27-2011, 02:31 PM   #15
Diantre
Member
 
Registered: Jun 2011
Distribution: Slackware
Posts: 495

Rep: Reputation: 212
Yes, it's the multiline matching that's a little harder with grep. Assuming the "installed" and "failed" log entries always appear right after the entry with the date, perhaps this one will work better:

Code:
egrep -A1 '.*May 5.*Print job request.*' /var/log/updates.log
Similar to the one you started with. This regex will match lines with one or more characters at the beginning, then match a day of your choice, more text, then the string "Print job request". I'm assuming this string is common for those log entries, if not, you have to change it to something that is. The -A1 parameter prints the next line as you know.
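
Added example, not from any poster in this thread: the log above puts the date on one line and the "Installed"/"Failed" result on a later, undated line, so this awk filter remembers the last timestamp seen and prints result lines only while that timestamp falls on the requested day. The function name `updates_on_date`, the `sample_log` data and the "Failed to install!" message are constructed for illustration; it goes slightly beyond the thread by handling a padded day ("May  5") and keywords that sit on the timestamped line itself. The year is not checked.

```shell
#!/bin/sh
# updates_on_date MONTH DAY [FILE]
# Prints every Installed/Failed line that belongs to the given day, prefixed
# with the timestamp it was logged under. Reads standard input if FILE is omitted.
updates_on_date() {
    awk -v mon="$1" -v day="$2" '
        # A timestamped line starts with: weekday, month, day, HH:MM:SS.
        $1 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ && $4 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
            # Field splitting absorbs the padding in "May  5"; comparing the
            # day as a number keeps "5" from also matching "15" or "25".
            wanted = ($2 == mon && $3 + 0 == day + 0)
            stamp = $1 " " $2 " " $3 " " $4
            # The keyword may also appear on the timestamped line itself.
            if (wanted && /Installed|Failed/) print
            next
        }
        # Undated lines inherit the date of the last timestamp seen.
        wanted && /Installed|Failed/ { print stamp ": " $0 }
    ' "${3:--}"
}

# Constructed sample in the format posted in the thread (not real log data).
sample_log() {
cat <<'EOF'
tim11052.prn file found -- converting to tim11052.ps
Thu May  5 13:45:21 PJT 2011:root: Print job request: tim11052.ps
tim11052.1: Installed successfully!
Sun May 15 09:02:10 PJT 2011:root: Print job request: tim11060.ps
tim11060.1: Failed to install!
Fri Jun 24 05:31:12 PJT 2011:root: Checking for separate tim files...
Fri Jun 24 05:31:12 PJT 2011:root: No separate tim files found!
Fri Jun 24 05:33:01 PJT 2011:root: Print job request: tim11083.ps
tim11083.1: Installed successfully!
EOF
}

# Demo on the constructed sample; on a real system pass the log file instead:
#   updates_on_date Jun 24 /var/log/updates.log
sample_log | updates_on_date Jun 24
```

For today's date, pass `"$(date +%b)" "$(date +%d)"` as the first two arguments; the numeric comparison accepts a zero-padded day.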
 
  

