LinuxQuestions.org


graziano1968 04-03-2007 02:35 AM

grepping a log file
 
Hello

I have an assp log file which contains spam score data for each log line like this

Apr-3-07 03:32:31 PB: 205.158.154.152 score: 0+15 => 15 reason:205.158.154.152:RelayAttempt

I would grep/sed only those messages which have
score > 20 ,


for example

Apr-3-07 03:32:31 PB: 205.158.154.152 score: 30+15 => 45 reason:205.158.154.152:RelayAttempt

should be shown.

how to do that please ?

Thanks !

yongitz 04-03-2007 03:05 AM

hi there! awk should solve your problem. I'm not really good at it but I've tried the code below and it worked. There may be other solutions nicer than this one.

Code:

awk '{if ($8 > 20) print $1,$2,$3,$4,$5,$6,$7,$8,$9}' logfile

graziano1968 04-03-2007 12:33 PM

Quote:

Originally Posted by yongitz
hi there! awk should solve your problem. I'm not really good at it but I've tried the code below and it worked. There may be other solutions nicer than this one.

Code:

awk '{if ($8 > 20) print $1,$2,$3,$4,$5,$6,$7,$8,$9}' logfile


f a n t a s t i c , thanks!

pwc101 04-03-2007 12:48 PM

Quote:

Originally Posted by yongitz
hi there! awk should solve your problem. I'm not really good at it but I've tried the code below and it worked. There may be other solutions nicer than this one.

Code:

awk '{if ($8 > 20) print $1,$2,$3,$4,$5,$6,$7,$8,$9}' logfile

A slight refinement might be
Code:

awk '{if ($8 > 20) print $0}' logfile

yongitz 04-04-2007 01:52 AM

Quote:

Originally Posted by pwc101
A slight refinement might be
Code:

awk '{if ($8 > 20) print $0}' logfile

A very nice refinement.. :)

Cheers!

graziano1968 04-04-2007 03:51 AM

more difficult

suppose I have to accept the result only if the line before had "domain.com" in it

I tried

Code:

awk '{if ($8 > 1 && grep -B1 "domain.com"!="" ) print $0}'
but does not work

pwc101 04-04-2007 04:13 AM

I had something similar come up the other day, this is how I did it:
Code:

awk '/domain\.com/ {print $0}'
edit: you need to escape the dot otherwise it'll find "domain com" as well as "domain.com"

edit 2: that'll teach me for not reading your post correctly! You wanted it only if the line before it also contained domain.com. Sorry, my mistake! I think sed might be your friend here.

graziano1968 04-04-2007 04:35 AM

Quote:

Originally Posted by pwc101
I had something similar come up the other day, this is how I did it:
Code:

awk '/domain\.com/ {print $0}'
edit: you need to escape the dot otherwise it'll find "domain com" as well as "domain.com"

edit 2: that'll teach me for not reading your post correctly! You wanted it only if the line before it also contained domain.com. Sorry, my mistake! I think sed might be your friend here.

Thank you, yes I am trying to get the result only if the line before contains domain.com

for example

Apr-4-07 05:13:29 88.227.8.201 <murbrianmorrowhat@brianmorrow.com> recipient delayed: mrodriguez@domain.com
Apr-4-07 05:13:39 PB: 88.227.8.201 score: 0+150 => 150 reason:LimitingIPFrequency


Apr-4-07 05:13:39 PB: 88.227.8.201 score: 0+150 => 150 reason:LimitingIPFrequency
should be shown/returned because the line before contains domain.com

on this other case
Apr-4-07 05:13:29 88.227.8.201 <murbrianmorrowhat@brianmorrow.com> recipient delayed: mrodriguez@yahoo.com
Apr-4-07 05:13:39 PB: 88.227.8.201 score: 0+150 => 150 reason:LimitingIPFrequency

the command should return nothing because domain.com is not on the line before.


Thanks

timmeke 04-04-2007 08:49 AM

Haven't tried this, but maybe this'll inspire you...
Code:

awk 'BEGIN {printNext=0} {if ($8 > 20 && printNext) print $0; printNext=0} /domain\.com/ {printNext=1}' logfile
For readability, you might want to put everything between the single quotes in a file and use awk's -f option
to run the awk commands from that file.

I'm not entirely sure of the syntax either. You may need to put a $ before printNext, for instance.

SlowCoder 04-04-2007 10:18 AM

I'm no expert, but here's what I'd try ...

grep -A1 domain.com logfile | awk '{if ($8 > 20) print $0}'

Would that work?

Vinoth P Gounder 12-07-2011 04:57 AM

grepping log
 
awk '/domain\.com/ {print $0}'

trey85stang 12-08-2011 02:52 AM

Quote:

Originally Posted by graziano1968 (Post 2696970)
more difficult

suppose I have to accept the result only if the line before had "domain.com" in it

I tried

Code:

awk '{if ($8 > 1 && grep -B1 "domain.com"!="" ) print $0}'
but does not work

Code:

awk '{if($8 > 1) {if(hold ~ "domain.com") {print $0}} hold=$0}' filename
for readability
Code:

awk '{
  if ( $8 > 1 )
  { if ( hold ~ "domain.com" )
    { print $0
    }
  }
  hold=$0
}' filename
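
As an added example (not code from any poster in the thread), the final requirement can be written as one shell function: a PB line is printed only when its total score exceeds the threshold and the line immediately before it is a recipient line for the given domain. It goes beyond the posts in two assumed ways: the domain is compared as a literal suffix of the recipient address instead of as a regex, and both lines must carry the same client IP. The names `filter_scores` and `sample_log` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# filter_scores MIN DOMAIN [FILE...]   (reads stdin when no FILE is given)
filter_scores() {
    min=$1 dom=$2
    shift 2
    awk -v min="$min" -v dom="$dom" '
    {
        # PB line layout quoted in the thread:
        #   date time PB: IP score: a+b => total reason:...
        if ($3 == "PB:" && $7 == "=>" && $8 ~ /^[0-9]+$/ && $8 + 0 > min + 0 &&
            $4 == prev_ip && prev_match)
            print
        # Remember what the next record needs to know about this one.
        # Recipient lines carry the client IP in field 3 and the address last.
        prev_ip = $3
        want = "@" tolower(dom)
        have = tolower($NF)
        # Suffix comparison, not a regex: "." stays literal, and neither
        # "user@domain.com.example" nor "user@notdomain.com" matches.
        prev_match = (length(have) >= length(want) &&
                      substr(have, length(have) - length(want) + 1) == want)
    }' "$@"
}

# Constructed sample in the two line formats quoted in the thread.
sample_log() {
    cat <<'EOF'
Apr-4-07 05:13:29 192.0.2.10 <a@sender.example> recipient delayed: user@domain.com
Apr-4-07 05:13:39 PB: 192.0.2.10 score: 0+150 => 150 reason:LimitingIPFrequency
Apr-4-07 05:14:02 192.0.2.11 <b@sender.example> recipient delayed: user@yahoo.com
Apr-4-07 05:14:05 PB: 192.0.2.11 score: 0+150 => 150 reason:LimitingIPFrequency
Apr-4-07 05:15:10 192.0.2.12 <c@sender.example> recipient delayed: user@domain.com.example
Apr-4-07 05:15:12 PB: 192.0.2.12 score: 30+15 => 45 reason:RelayAttempt
Apr-4-07 05:16:00 192.0.2.13 <d@sender.example> recipient delayed: user@domain.com
Apr-4-07 05:16:01 PB: 192.0.2.13 score: 0+15 => 15 reason:RelayAttempt
Apr-4-07 05:17:00 192.0.2.14 <e@sender.example> recipient delayed: user@domain.com
Apr-4-07 05:17:01 PB: 192.0.2.99 score: 0+150 => 150 reason:LimitingIPFrequency
EOF
}

# Stand-alone run: prints only the 05:13:39 line.
sample_log | filter_scores 20 domain.com
```

Matching on `$3 == "PB:"` and the `=>` marker keeps a recipient line that happens to have a number in field 8 from being treated as a score.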



All times are GMT -5.