Grep Issues
 

Hi All

I am running debian 8.5 and seem to be having issues getting data with grep.

The command I am trying to run is grep "^$(date --date -2hour +'%Y-%m-%d %H:%M')" /var/log/logfilename | grep 'auth failure'

This just returns a blank line. If I run (date --date -2hour +'%Y-%m-%d %H:%M') this retuns the correct time -2 hours as expected

If I run grep "auth failure' /var/log/logfilename it returns the data expect but clearly the whole lot from the log file.

So can anyone advise what I am doing wrong to get nothing when I run the whole command.

Thanks

Glenn

probably try grep -F and without ^

Many thanks for the suggestion.

Tried but still no result

would be nice to show us some examples (lines to check).

And if you run the first grep command, what do you get ?.
Diagnostics 101.

Have you tried only
and see what it gives you.

Try not using quotes around the date command.

Make sure the output of your date command is not missing any extra spaces etc.

Well you're only going to get a match if you actually had an auth failure message logged during that one minute two hours ago.

"^" is a start of line anchor, "$" is the end of line anchor; grep will ignore the stuff after that... you need to
to grep for what you want, then what descendant_command said.
I wasn't able to make a match in a log file at all with that syntax, tho. I'm not sure you can build your date to match on the fly like that.

If you're trying to find an instance of auth_failure at a specific time,
put the results of the date command into a variable, then use it in the grep
1. store the date-time in $tmpdt
2. grep for 'auth failure'
3. grep for the date-time
...but then what descendant_command said

Assuming this is a shell command, the previous saying is not true, because the shell substitutes the $( ) before the grep is invoked.
Rather I think there is no matching log entries at the given minute. Try to omit the %M and look at the matches (for the full hour)!