Quote:
But, it will count ALL the messages in the file. Not just those from a single hour. Is that what you want? |
Quote:
Thing has change on demand. What about every hour? But if restart server before cutoff time, the error counts will start from zero but we want total errors every hour. for eg: 1hr -- 20 counts 2hr -- 45 counts (25 from current hours and 20 from previos hr) 3hr -- 45 counts (0 from current hours and 45 from previous hrs) Thanks |
Hi dnaqvi,
If understand correctly you've stated that you start a new log file every 12 hours. The pattern we've been talking about will count the overall total of whatever type of messages you specify, in a single log file, each time you use the pattern, without any concern for the hour in the message . Let's say that you are able to use the pattern in a script, and manage to run the script, exactly at the time, after the last message for one hour is put in the log file, and before the first message for the next hour is put in the log file. Then, for a particular type of message, with this list of counts for the first few hours of the day as an example, the counts would work like this: Code:
hour count which occurred *that* hour pattern would return this count It will only do that for a single log file. As soon as you start a new log file, the count returned by a pattern used for a particular type of message, will start over at zero. So, if you want a continuously increasing count, then you'll need to save the count you got from one log file, and add it to the count from the next log file. If for some reason, it's easier for you to add up the total, by getting the count for each specific hour according to the time in the message for a particular type of message, that can be done using commands like these: Code:
$ the_hour=`date +%H` If you were to use that with what we'd talked about before, and just using only error and advisory messages as an example, with the pattern for a specific hour according to the time in the message, it might look something like: Code:
the_hour=`date +%H` You could also pass in the hour for which you want to search to be absolutely sure you get the right hour. Whichever way you need to do things, hope this helps. |
Quote:
"00000093 LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server" |
Are you saying the message has no time stamp? It looks like this:
Code:
00000093 LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server Code:
[3/29/10 0:01:45:464 PDT] 00000093 LdapRegistryI A SECJ0419I: The user registry is currently connected to the LDAP server ldap://00.00.00.00:123. |
Quote:
|
All times are GMT -5. The time now is 10:18 AM. |