-1

I want to find a date in a log file and print from that date till the end of the log file. That date is 5 days prior to the end of the log file, which is 27/Dec/2002.

The log file looks like this: 213.64.56.208 - - [01/Jan/2003:05:42:53 +0100]

The whole script:

for d in \
 $(sed -nre 's/.*\[(..)\/(...)\/(....):(..:..:..) .*/\1 \2 \3 \4/p' thttpd.log $
do echo $d >s1; done

time=$(expr 60 \* 60 \* 24 \* 5)
EDATE=`tail -1 s1`
SDATE=$[$EDATE - $time]
sd=`date -d '1970-01-01 UTC '$SDATE' seconds' +"%d/%b/%Y"`
sd=$(echo $sd | sed 's/\//\\\//g')
sed -n "$(awk '/'$sd'/ { print NR }' thttpd.log | head -1),$ p" thttpd.log

The problem is that the date 27/Dec/2002 is not in the log file! So now how should I write it to search for the next day (28/Dec/2002)?

213.64.237.213 - - [23/Dec/2002:03:02:22 +0100]
213.132.36.66 - - [28/Dec/2002:19:33:29 +0100]

I also have this problem with hours too! I want to print the last 5 hours, which would be 07:55:21, but there is no 7:55 in the log file! So it should print from the next item till (08:08) the end.

213.64.56.208 - - [01/Jan/2003:07:53:17 +0100]
213.64.56.208 - - [01/Jan/2003:08:08:19 +0100]
matarsak

1 Answer

2

Didn't you solve this?

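You must wrap the $sd with single quotes, and escape the slash in the date with a backslash. Try this:

sd="01/Jan/2003"
# Escape the slashes so the date can be used inside an awk /regex/
sd=$(echo "$sd" | sed 's/\//\\\//g')
# Print from the first line that matches the date through the end of the file
sed -n "$(awk '/'$sd'/ { print NR }' aa.log | head -1),$ p" aa.log

PS: convert the month name to a number if necessary.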

quanta
  • When I run it separately it works! But when I run it in my script it does not work! The error is: sed: -e expression #1, char 1: unknown command: `,' Also, when I run it with 27/Nov/2002 the output includes non-relevant items like 22/Dec/2002! :( – matarsak Sep 28 '11 at 08:45
  • Show me your entire script. – quanta Sep 28 '11 at 08:48
  • Why, when I run it with another date, does it give the error: sed: -e expression #1, char 1: unknown command: `,' sd="27/Dec/2002" sd=$(echo $sd | sed 's/\//\\\//g') sed -n "$(awk '/'$sd'/ { print NR }' serverlog.log | head -1),$ p" serverlog.log – matarsak Sep 28 '11 at 09:01
  • Actually I found the problem! The problem is there is no 27/dec/2002 in the log file! So it should search for the next day! How should I write this? – matarsak Sep 28 '11 at 09:10
  • 1
    Use `grep -c` to check that the date exists first, then do the next steps. – quanta Sep 28 '11 at 09:15
  • How should it search for items after 27/Dec? – matarsak Sep 28 '11 at 09:32
  • You mean next line or next date? – quanta Sep 28 '11 at 10:11
  • Logically the next line would be the next date as well (but I want the next date till the end of the log file to be printed!). The better way is: if the original date is in the log file, print from it till the end; otherwise go to the closest next date and print from that till the end. – matarsak Sep 28 '11 at 12:07
  • The Apache access log may have been rotated daily. What is your ultimate purpose? – quanta Sep 28 '11 at 14:19
  • I want to print the last 5 days, which start from 27/Dec/2002, but because there is no 27/Dec/2002 in the log file my script could not recognize what to print! So it's necessary to go to the next available date that is in the log file! In this example 28/Dec is the next available date. Now how should I write this? – matarsak Sep 28 '11 at 14:28
  • Extract the date from the first line and compare with 27/Dec/2002 – quanta Sep 28 '11 at 14:30
  • 27/Dec is just an example! I want to write: first search for the date; if you don't find it, go and search for the next available date. How should I write this? – matarsak Sep 28 '11 at 14:32
  • Nothing different. Assuming that you let the user input a date and you want to print from this date to the end: compare it with the date from the first line; if it is less, print a message to force the user to input another date. – quanta Sep 28 '11 at 14:41
  • No, it's not like that! 27/Dec is the date it is supposed to print from! I could not change the whole thing! The user entered the last 5 days, and 5 days prior to 1/Jan/2003 starts from 27/Dec! So now that 27 is not among the items in the log file it has to print from 28/Dec. There must be some way to do this – matarsak Sep 28 '11 at 14:45
  • Can't you extract the `27` and `++` until you find it in the log? – quanta Sep 28 '11 at 14:54
  • Why should I make this harder than it is! I just want to print items >= $sd (27/Dec/2002) – matarsak Sep 28 '11 at 15:00
  • I already gave you a suggestion in another topic: loop through the log file, read line by line, extract the date and compare with `27/Dec/2002`. – quanta Sep 28 '11 at 15:05
  • I'll open a new topic to get the answer! What you're telling me is confusing me! – matarsak Sep 28 '11 at 15:10
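
The "print items >= $sd" behaviour asked for in the thread can be had by comparing timestamps numerically instead of searching for the date string, so a cutoff date that is missing from the log no longer matters. This is an added example, not code from the thread; `print_since` is a hypothetical helper name, and it assumes the timestamp sits in fields 4 and 5 as in the sample lines and that the log is in chronological order.

```shell
#!/usr/bin/env bash
# print_since FILE SECONDS  (hypothetical helper, added example)
# Print FILE from the first entry whose timestamp is >= (last entry - SECONDS)
# through the end of the file, whether or not the exact cutoff date is logged.
print_since() {
  awk -v span="$2" '
    # "[dd/Mon/yyyy:HH:MM:SS" and "+zzzz]" -> seconds since 1970-01-01 UTC
    function epoch(stamp, zone,    t, y, m, era, yoe, doy, days, off) {
      split(substr(stamp, 2), t, "[/:]")
      m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", t[2]) + 2) / 3
      y = t[3] - (m <= 2)                    # civil-date formula counts years from March
      era = int(y / 400); yoe = y - era * 400
      doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + t[1] - 1
      days = era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
      off = (substr(zone, 2, 2) * 60 + substr(zone, 4, 2)) * 60
      if (substr(zone, 1, 1) == "-") off = -off
      return days * 86400 + t[4] * 3600 + t[5] * 60 + t[6] - off
    }
    $4 !~ /^\[[0-9]/ { if (go) print; next }  # no timestamp: cannot start output here
    NR == FNR { last = epoch($4, $5); next }  # pass 1: remember the final timestamp
    !go && epoch($4, $5) >= last - span { go = 1 }
    go                                        # pass 2: print from the first match on
  ' "$1" "$1"
}

# Constructed sample built from the log lines quoted in the question.
log=$(mktemp)
cat > "$log" <<'EOF'
213.64.237.213 - - [23/Dec/2002:03:02:22 +0100]
213.132.36.66 - - [28/Dec/2002:19:33:29 +0100]
213.64.56.208 - - [01/Jan/2003:05:42:53 +0100]
213.64.56.208 - - [01/Jan/2003:07:53:17 +0100]
213.64.56.208 - - [01/Jan/2003:08:08:19 +0100]
EOF
print_since "$log" $((5 * 24 * 3600))   # starts at 28/Dec because 27/Dec is not logged
rm -f "$log"
```

The same call with a span in hours (for example `$((5 * 3600))`) covers the "last 5 hours" case from the question.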