Not sure if this is the right forum, but here goes.
I use grep to find a particular line in the secure log file, the line looks something like this:
/var/log/secure:Feb 4 12:42:09 server-name sshd[27839]: pam_unix(sshd:session): session closed for user UserX
I need to cut out the date and time into two variables $CLDATE and $CLTIME but I have no idea how to do this. Usually I try to find a unique character and use that as delimiter in the cut command, but that won't work on this line.
Can anybody point me in the right direction on how to do this so I'll end up with the variable $CLDATE containing "Feb 4" and the variable $CLTIME containing "12:42:09"
grep will do the job - see the manpage for character classes; a mild form of regex. For example, the following will extract the date above, and allow for 2 digit dates as well.
Code:
grep -oE "[[:alpha:]]{3} [[:digit:]]{1,2}"
Some assumptions taken ...
Thank you for your help, I've tried it, but this is the output from the command :
grep: /var/log/secure:Feb: No such file or directory
grep: 4: No such file or directory
grep: 12:42:09: No such file or directory
grep: standic-ad: No such file or directory
grep: sshd[27839]:: No such file or directory
grep: pam_unix(sshd:session):: No such file or directory
grep: session: No such file or directory
grep: closed: No such file or directory
grep: for: No such file or directory
grep: user: No such file or directory
grep: sra-Administrator: No such file or directory
I just noticed something strange, when I grep the line from the logfile there are 2 spaces between "Feb" and "4", but in a string there is only 1 space. Is this normal behavior?
Below is what I did:
I just noticed something strange, when I grep the line from the logfile there are 2 spaces between "Feb" and "4", but in a string there is only 1 space.
To handle the 2 spaces, change the code in post #3 to
Code:
str2=${str1#*[[:digit:]][[:space:]]}
PS - You have been shown three different approaches. The criterion 'point me in the right direction on how to do this' has been fulfilled. Your data, your requirement and your responsibility to follow through. Please take ownership. We all learn best by working through our own problems.
I need to cut out the date and time into two variables $CLDATE and $CLTIME but I have no idea how to do this. Usually I try to find a unique character and use that as delimiter in the cut command, but that won't work on this line.
Code:
#!/bin/bash
while IFS= read -r f ; do
    echo "$f"
    # $CLDATE and $CLTIME
    # looking at my secure log to get patterns to use.
    # Date and time is all you're wanting?
    hosty=$(hostname)
    # my host name has slack64.current.org strip it off and use for pattern
    hosty=${hosty%%.*}
    echo "$hosty"
    # %% cuts from the first occurrence of the host name, in case it shows up again in the message
    strip1=${f%%"$hosty"*}
    echo "$strip1"
    # leaving just the month day, time to get
    # Feb 8 12:54:08
    # timePattern
    pattime="[0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
    CLDATE=${strip1/$pattime}
    # drop the spaces left behind where the time used to be
    CLDATE=${CLDATE%"${CLDATE##*[![:space:]]}"}
    echo "date : $CLDATE"
    CLTIME="$(printf '%s\n' "$strip1" | grep -Eo "$pattime")"
    echo "time : $CLTIME"
done<<<"$(sudo cat /var/log/secure)"
#done<<<"$(cat ~/scripts/LQ/secureTestFile)"
sample from my secure log
Code:
Feb 8 19:45:05 slack64 sudo: userx64 : TTY=pts/0 ; PWD=/home/userx64 ; USER=root ; COMMAND=/usr/sbin/dmidecode
Feb 8 20:47:49 slack64 polkitd[1199]: Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 ( system bus name :1.9, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
results
Code:
slack64
Feb 7 15:56:40
date : Feb 7
time : 15:56:40
concerning a 2 digit date
Code:
Feb 10 12:05:58 slack64 last message repeated 4 times
slack64
Feb 10 12:05:58
date : Feb 10
time : 12:05:58
Feb 28 12:06:25 slack64 last message repeated 2 times
slack64
Feb 28 12:06:25
date : Feb 28
time : 12:06:25
Feb 9 12:07:53 slack64 last message repeated 3 times
slack64
Feb 9 12:07:53
date : Feb 9
time : 12:07:53
that code works for that as well.
server-name
that is your starting point for your pattern. it looks to me, seeing what little of your log you posted in the first post.
to strip this leading part off
/var/log/secure:
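Added example, not part of any post in this thread: a POSIX sh function that fills $CLDATE and $CLTIME from one log line, coping with the `/var/log/secure:` prefix that grep adds and with the padded single-digit day, and validating each field because log content is not trusted input. The function name `parse_secure_line` is hypothetical and the sample lines are constructed from the ones quoted above; the line is always passed quoted, since an unquoted expansion is split into separate words, which is what makes grep report each word as a missing file.

```shell
#!/bin/sh
# parse_secure_line (hypothetical helper): sets CLDATE and CLTIME from one
# syslog-style line; returns 1 and leaves both empty if the line does not fit.
parse_secure_line() {
    CLDATE= CLTIME=
    # read splits on runs of whitespace, so "Feb  4" (padded day) and
    # "Feb 10" both give month, day and time as the first three fields.
    read -r _mon _day _time _rest <<EOF
$1
EOF
    # grep prints "filename:" in front of the match when given several files;
    # keep only what follows the last colon of the first field.
    _mon=${_mon##*:}

    # Accept a field only if it has exactly the expected shape.
    case $_mon in
        Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ;;
        *) return 1 ;;
    esac
    case $_day in
        [1-9]|[12][0-9]|3[01]) ;;
        *) return 1 ;;
    esac
    case $_time in
        [01][0-9]:[0-5][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]:[0-5][0-9]) ;;
        *) return 1 ;;
    esac

    CLDATE="$_mon $_day"
    CLTIME=$_time
}

demo() {
    # Constructed sample input: grep-prefixed line with a padded day,
    # a plain line with a two-digit day, and a line with no timestamp.
    while IFS= read -r line; do
        if parse_secure_line "$line"; then
            printf 'date=[%s] time=[%s]\n' "$CLDATE" "$CLTIME"
        else
            printf 'skipped: %s\n' "$line"
        fi
    done <<'EOF'
/var/log/secure:Feb  4 12:42:09 server-name sshd[27839]: pam_unix(sshd:session): session closed for user UserX
Feb 10 12:05:58 slack64 last message repeated 4 times
last message repeated 2 times
EOF
}

demo
```

To use it on real output, pipe grep into `while IFS= read -r line; do parse_secure_line "$line" && ...; done` so each line reaches the function intact.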