
rogerdv 03-30-2010 10:54 AM

isolating a day logs from a squid week log
I have been requested to deliver the logs for last Friday, but the problem is that I have configured squid logs to be weekly, not daily. How can I extract the logs generated on Friday from the week file?

GrapefruiTgirl 03-30-2010 10:59 AM

Does every log entry begin with some common string, perhaps including the date of the entry? Logs usually are of this nature. If this is the case, my choice would be to use grep or awk on the logfile of the week in question; grep for all entries containing the desired date of the Friday you want, and redirect that output to a fresh file for delivery.


rogerdv 03-30-2010 11:21 AM

Yes, but squid logs the date in a special format that requires decoding. Solved the problem now using sarg, but I was curious if I could send the raw log to avoid stupid requests like this next time.

GrapefruiTgirl 03-30-2010 11:36 AM

The logs are dated in UNIX-time format by default. You'd need to either involve the `date` command to convert to a 'regular' date format and narrow down which entries are from the date in question, or perhaps easier would be to use one of the many tools and scripts I can see on the internet for examining squid logs and/or converting them to a standard (e.g. httpd) log format, and then isolate the days you want.

More often than is probably healthy, I tend to do things in possibly the less-easy way, :p so if I were in the situation you describe, I might be inclined to scan the file line by line with a script, converting the date of each line, and then grabbing out the lines whose dates correspond to the day in question, and dumping them into a new file..

If you want example code of how I might do this, post a few lines of the log in question and sometime later I'll show you what I mean. But meanwhile, it's quite possible that someone who is familiar with squid logs and does this sort of thing regularly will offer a 'commonly used' alternative to what I propose.
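
An added example, not posted by anyone in the thread: one way to pull a single day out of a weekly Squid log while keeping the raw entries, by comparing the UNIX timestamp in field 1 against that day's start and end. It assumes Squid's native access.log format and a `date` that accepts `-d`; the function names `squid_day` and `make_sample_log`, the date 2010-03-26 and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Field 1 of Squid's native access.log is "epoch_seconds.milliseconds".

# squid_day DAY LOGFILE: print the entries logged on DAY (YYYY-MM-DD).
# DAY is interpreted in the current TZ, so set TZ to the zone the
# request refers to. Assumes a date(1) that accepts -d (GNU, BusyBox).
squid_day() {
    day=$1
    log=$2
    # Both bounds come from date(1), so days shortened or lengthened
    # by DST are handled without assuming a day is 86400 seconds.
    start=$(date -d "$day 00:00:00" +%s) || return 1
    end=$(date -d "$day 23:59:59" +%s) || return 1
    awk -v s="$start" -v e="$end" '
        # Skip lines that do not start with a numeric timestamp.
        $1 ~ /^[0-9]+(\.[0-9]+)?$/ {
            t = int($1)            # drop the millisecond part
            if (t >= s && t <= e) print
        }' "$log"
}

# Constructed sample entries (not from the thread), spanning
# 2010-03-25 23:59:59 UTC through 2010-03-27 00:00:00 UTC.
make_sample_log() {
    cat <<'EOF'
1269561599.901     45 192.0.2.10 TCP_MISS/200 1523 GET http://example.com/ - DIRECT/198.51.100.7 text/html
1269561600.123     12 192.0.2.10 TCP_HIT/200 877 GET http://example.com/a.css - NONE/- text/css
1269600000.456    230 192.0.2.22 TCP_MISS/404 512 GET http://example.org/missing - DIRECT/198.51.100.9 text/html
1269647999.999     31 192.0.2.22 TCP_MISS/200 2048 GET http://example.org/ - DIRECT/198.51.100.9 text/html
1269648000.001     18 192.0.2.31 TCP_MISS/200 640 GET http://example.net/ - DIRECT/198.51.100.3 text/html
EOF
}

# Usage (log path is an assumption; adjust to your install):
#   TZ=UTC; export TZ
#   squid_day 2010-03-26 /var/log/squid/access.log > friday.log
```

The output lines are byte-for-byte the original entries, so the extract can be handed over as raw log data or fed to a report tool afterwards.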

