LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-08-2017, 03:16 AM   #1
glennbtn
Member
 
Registered: Dec 2009
Posts: 125

Rep: Reputation: 18
Grep Issues


Hi All

I am running debian 8.5 and seem to be having issues getting data with grep.

The command I am trying to run is grep "^$(date --date -2hour +'%Y-%m-%d %H:%M')" /var/log/logfilename | grep 'auth failure'

This just returns a blank line. If I run (date --date -2hour +'%Y-%m-%d %H:%M') this retuns the correct time -2 hours as expected

If I run grep "auth failure' /var/log/logfilename it returns the data expect but clearly the whole lot from the log file.

So can anyone advise what I am doing wrong to get nothing when I run the whole command.

Thanks

Glenn
 
Old 08-08-2017, 03:41 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,510

Rep: Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552
probably try grep -F and without ^
 
Old 08-08-2017, 03:48 AM   #3
glennbtn
Member
 
Registered: Dec 2009
Posts: 125

Original Poster
Rep: Reputation: 18
Many thanks for the suggestion.

Tried but still no result
 
Old 08-08-2017, 03:53 AM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,510

Rep: Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552Reputation: 5552
would be nice to show us some examples (lines to check).
 
Old 08-08-2017, 04:03 AM   #5
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 19,715

Rep: Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549Reputation: 3549
And if you run the first grep command, what do you get ?.
Diagnostics 101.
 
Old 08-08-2017, 04:14 AM   #6
aragorn2101
Member
 
Registered: Dec 2012
Location: Mauritius
Distribution: Slackware
Posts: 553

Rep: Reputation: 277Reputation: 277Reputation: 277
Have you tried only
Code:
grep "$(date --date -2hour +'%Y-%m-%d %H:%M')" /var/log/logfilename
and see what it gives you.
 
Old 08-08-2017, 04:20 AM   #7
michaelk
Moderator
 
Registered: Aug 2002
Posts: 21,505

Rep: Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113Reputation: 4113
Try not using quotes around the date command.

Make sure the output of your date command is not missing any extra spaces etc.

Last edited by michaelk; 08-08-2017 at 04:22 AM.
 
Old 08-08-2017, 05:18 AM   #8
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,783

Rep: Reputation: 592Reputation: 592Reputation: 592Reputation: 592Reputation: 592Reputation: 592
Well you're only going to get a match if you actually had an auth failure message logged during that one minute two hours ago.
 
Old 08-08-2017, 07:23 AM   #9
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,426

Rep: Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054Reputation: 2054
Quote:
Originally Posted by glennbtn View Post
Code:
grep "^$(date --date -2hour +'%Y-%m-%d %H:%M')"
"^" is a start of line anchor, "$" is the end of line anchor; grep will ignore the stuff after that... you need to
Code:
grep "\^\$\(date --date -2hour +'%Y-%m-%d %H:%M'\)"
to grep for what you want, then what descendant_command said.
I wasn't able to make a match in a log file at all with that syntax, tho. I'm not sure you can build your date to match on the fly like that.

If you're trying to find an instance of auth_failure at a specific time,
put the results of the date command into a variable, then use it in the grep
Code:
tmpdt=$(date --date -2hour +'%Y-%m-%d %H:%M');grep 'auth failure' /var/log/logfilename | grep "$tmpdt"
1. store the date-time in $tmpdt
2. grep for 'auth failure'
3. grep for the date-time
...but then what descendant_command said
 
1 members found this post helpful.
Old 08-09-2017, 02:05 AM   #10
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 1,745

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
Assuming this is a shell command, the previous saying is not true, because the shell substitutes the $( ) before the grep is invoked.
Rather I think there is no matching log entries at the given minute. Try to omit the %M and look at the matches (for the full hour)!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Find & grep - how to return pathes, not grep phrases ? postcd Linux - General 2 11-25-2014 12:43 PM
grep to file outputs more than grep to screen? tcpman Linux - Server 4 06-07-2013 04:46 AM
Creating an alias in ksh that uses grep and includes 'grep -v grep' doug248 Linux - Newbie 2 08-05-2012 02:07 PM
Trying to understand pipes - Can't pipe output from tail -f to grep then grep again lostjohnny Linux - Newbie 15 03-12-2009 10:31 PM
grep searching for control chars shell issues gquiring Linux - General 2 05-02-2005 02:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration