LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 02-18-2009, 06:16 AM   #1
B-Boy
Member
 
Registered: Jan 2008
Posts: 103

Rep: Reputation: 15
grep for string in file after a certain part of the file


Hi guys

I want to search for a sting in /var/log/messages but I want to look for the work after a specified time onwards

So what I want is to look for ubuntu in /var/log/messages but only look after 10:00 anything before 10:00 mus be ignored

how can i do this
 
Old 02-18-2009, 06:47 AM   #2
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978
If the file /var/log/messages has a fixed format like this:
Code:
Feb 18 12:41:10 linux kernel: blah blah blah
Feb 18 12:43:34 linux kernel: blah blah blah
you can grep the character in 8th column and select values 1 or 2 only:
Code:
grep '... .. [12]' /var/log/messages | grep pattern
the character list [12] will select both 1 and 2 but not 0 or a blank space in the 8th column. Just put the correct number of dots in the pattern to match the exact format of your /var/log/messages.
 
Old 02-18-2009, 07:48 AM   #3
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 17,164

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
I just know I'm going to regret disagreeing with @colucix on such things, but wouldn't an address ranged sed be better to pick from a point in the file to the eof ... ?
Code:
sed -nr '/^Feb 18 10/,$p' /var/log/messages | grep -i pattern

Last edited by syg00; 02-18-2009 at 08:35 AM. Reason: Spelling - Feb is spelt ...
 
Old 02-18-2009, 08:25 AM   #4
B-Boy
Member
 
Registered: Jan 2008
Posts: 103

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by colucix View Post
If the file /var/log/messages has a fixed format like this:
Code:
Feb 18 12:41:10 linux kernel: blah blah blah
Feb 18 12:43:34 linux kernel: blah blah blah
you can grep the character in 8th column and select values 1 or 2 only:
Code:
grep '... .. [12]' /var/log/messages | grep pattern
the character list [12] will select both 1 and 2 but not 0 or a blank space in the 8th column. Just put the correct number of dots in the pattern to match the exact format of your /var/log/messages.
ok but if the time changes to 13:00 it wont grep anything
 
Old 02-18-2009, 08:32 AM   #5
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978
Quote:
Originally Posted by B-Boy View Post
ok but if the time changes to 13:00 it wont grep anything
Not true. In a regular expression, the notation [12] means 1 OR 2, that is it matches only one character and it can be either 1 or 2. So it matches any hour from 10 to 19 and from 20 to 23. Not the number twelve! It is called character list, which means a list of characters to match.
 
Old 02-18-2009, 08:38 AM   #6
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978
Quote:
Originally Posted by syg00 View Post
I just know I'm going to regret disagreeing with @colucix on such things, but wouldn't an address ranged sed be better to pick from a point in the file to the eof ... ?
Code:
sed -nr '/^Fed 18 10/,$p' /var/log/messages | grep -i pattern
I think it is just a matter of taste!
 
Old 02-18-2009, 08:49 AM   #7
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 17,164

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
What about if the logs cycle past midnight ?.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to grep for a string in a file kaprasanna Linux - Newbie 3 01-06-2009 07:29 AM
sed: print section of file from string to end of file samyboy Linux - Newbie 4 02-26-2008 08:23 AM
Bash remove part of a file based on contents of another file bhepdogg Programming 4 01-31-2007 04:13 PM
Grep string and redirect the rest to a file twantrd Programming 6 06-02-2006 08:37 PM
Grep String Search, and identify source file. carl0ski Linux - General 4 01-21-2006 09:15 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 11:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration