Search for string in new files

Hi,
I would like a command or a bash script that search all files in all sub, modified last 12 hours, in /var/logs and that contains "alfa" or "bravo". The output should be filename of the file or files that contains that.

I have tried different combinations of date, grep, egrep and find. Any ideas is welcome. Thanks!

Quote:

Originally Posted by andben I have tried different combinations of date, grep, egrep and find.

Please post what variations you tried, that way it will be easier for us to correct you.

Hi,
I am testing this with a Smoothwall firewall. I have activated IMspector and it generate a file for each chat named something like ****2010-07-05***. I would like to seach any file, created today, in any subfolder of /var/log/IMspector/MSN/ for a keyword, like "nuclear".

I did test "find /var/log/imspector/ -mtime -1" to find all files created today. I did test "date +%Y-%m-%d" to get a correct dateformat, to use when I search for files. I also tried "egrep -l -w 'nuclear|chemical' -r *" to get all files with the keywords.

But I cant get it to work together.

Thanks

You missed just a little step: pass the output of the find command as argument to grep. You can accomplish this in two ways: using the -exec action of find or piping the results to xargs. The difference is that -exec executes the command once for each file, whereas xargs takes all the files as argument and spawns a single process. Depending on the number of files and the performance required you can choose either one of the following:

Code:

$ find . -mtime -1 -type f -name \*$(date +%Y-%m-%d)\* -exec grep -E -lw 'nuclear|chemical' {} \;
$ find . -mtime -1 -type f -name \*$(date +%Y-%m-%d)\* -print0 | xargs -0 grep -E -lw 'nuclear|chemical'

Regarding the date in the file name, as you can see shell's command substitution is your friend. Please, take a look at man xargs and at the GNU find manual for details.