[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help grepping last 5 minutes of syslog
|
From: |
Colin S. Miller |
|
Subject: |
Re: Help grepping last 5 minutes of syslog |
|
Date: |
Wed, 15 Sep 2004 17:07:33 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5 |
Joseph wrote:
Hi everyone,
Can someone please help me with a grep command? I am looking for a way
to display only the last 5 minutes' worth of syslog entries.
This will of course give me the current minute's entries:
grep "`date +\"%b %e %H:%M\"`" /var/log/messages
But I don't know how to construct a regex which will give a range that
encomapses the previous 5 minutes instead of just %M.
Any tips on how to do this?
Thanks,
Joseph
I doubt if it's possible; when you consider 10s of minutes wrapping
around the regexp gets complex; when the month wraps around you'll need
to generate a new month name.
Personally, I'd write a perlscript that parses the date from each
line, and converts it to a time_t (seconds sinces the Epoch),
and uses that to decide if the line should be printed.
If the log file is busy, then the following awk command will work.
It's a nasty hack; it caculates the time 5 minutes ago, ignoring
seconds, and then searches the log file for an entry starting
with that time. Once found, it prints that entry, and all subsequent
entries. However, if there was no entry for that time, all the
entries afterwards will be ignored.
awk '
BEGIN {
pass = 0;
search = "^" strftime("%b %d %H:%M", systime() - 5 * 60);
}
{
if ($0 ~ search) pass = 1;
if (pass) print $0
}
END { pass = 0}'
HTH.
Colin S. Miller