-1

I'm looking to parse my /var/log/httpd folder which contains a lot of Apache log files.

I'm looking for specific events within the last hour. I've tried the below, but I didn't have any luck.

grep -R "$(date -d -1hour +'%Y-%m-%d %H')" /var/log/httpd/ | grep "too many failed"

Thoughts?

Pat

2 Answers

1

Did you look at the format of the dates in your Apache logs? On the systems I have to hand (CentOS) that have their access logs in /var/log/httpd the date format is

15/Jun/2014:11:48:27 +0000

If yours is the same then you need

date -d -1hour +'%d/%b/%Y:%H'

as your date command.

If it's different then you need to show us the format that the log file is using.

user9517
1

You are doing a recursive grep (-R), which is useless in this case. I presume you don't have any subdirs under /var/log/httpd (if that's a standard distro).

What you want to do is discard everything before a line that has a timestamp from an hour ago. Also, access and error logs typically have different timestamps in them.

So, for example, the access log has the following timestamp:

[15/Jun/2014:23:11:41 +0200]

So you need to use date to print the time in that specific timestamp, for example:

CURTIME=$(date -d -1hour +'%d/%b/%Y:%H:%M' | sed 's#/#.#g'); \
sed "1,/$CURTIME/d" /var/log/httpd/*access_log

For the error log, you need to use a different approach, because error_log uses this kind of timestamp:

[Sat Jun 14 09:12:50 2014]

The only thing you may bear in mind is that if Apache didn't log any line an hour ago, this approach would fail because there wouldn't be a line match for sed.

Jakov Sosic
  • This is a great start, thanks! I'm getting output that I can work with. – Pat Jun 15 '14 at 21:31
  • You need to add a test about the time limit. The sed action takes the whole file if no specific event occurs at this time. So first test with a grep -c to be sure at least 1 line can be caught as the limit – NeronLeVelu Jun 26 '14 at 07:51
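An added example, not code from any of the posts above: a filter that compares each line's timestamp against a cutoff instead of waiting for one exact minute to appear, so it still works when nothing was logged exactly an hour ago. It reads both timestamp formats quoted in the answers; the function name `since_cutoff`, the `YYYYmmddHHMMSS` cutoff format, the sample lines, and the assumption that logs and cutoff share one time zone are all choices made for this example.

```shell
#!/bin/sh
# Added example. since_cutoff is a hypothetical helper name.
# Usage: since_cutoff CUTOFF [FILE...]   (CUTOFF = YYYYmmddHHMMSS)
# Prints lines stamped at or after CUTOFF; lines with no recognised
# timestamp are skipped. Assumes logs and CUTOFF share one time zone.
since_cutoff() {
    cutoff=$1; shift
    awk -v cutoff="$cutoff" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = sprintf("%02d", i)
    }
    {
        key = ""
        if (match($0, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9] /)) {
            # access_log style: [15/Jun/2014:23:11:41 +0200]
            s = substr($0, RSTART + 1, 20)
            date = substr(s, 8, 4) mon[substr(s, 4, 3)] substr(s, 1, 2)
            key = date substr(s, 13, 2) substr(s, 16, 2) substr(s, 19, 2)
        } else if (match($0, /\[[A-Z][a-z][a-z] [A-Z][a-z][a-z] [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9](\.[0-9]+)? [0-9][0-9][0-9][0-9]\]/)) {
            # error_log style: [Sat Jun 14 09:12:50 2014]; fractional seconds tolerated
            s = substr($0, RSTART + 1, RLENGTH - 2)
            day = substr(s, 9, 2); sub(/ /, "0", day)
            date = substr(s, length(s) - 3) mon[substr(s, 5, 3)] day
            key = date substr(s, 12, 2) substr(s, 15, 2) substr(s, 18, 2)
        }
        # Compare as strings: fixed-width digits sort chronologically.
        if (key != "" && (key "") >= (cutoff "")) print
    }' "$@"
}

# Demo on constructed lines; cutoff 23:00:00 matches no line exactly.
since_cutoff 20140615230000 <<'EOF'
10.0.0.5 - - [15/Jun/2014:22:05:00 +0200] "GET / HTTP/1.1" 200 12
10.0.0.5 - - [15/Jun/2014:23:11:41 +0200] "GET /login HTTP/1.1" 401 12
[Sun Jun 15 23:30:01 2014] [error] [client 10.0.0.5] too many failed authentication attempts
EOF
# Real use (GNU date, as in the answers above):
#   since_cutoff "$(date -d -1hour +%Y%m%d%H%M%S)" /var/log/httpd/*_log | grep "too many failed"
```

Because each line is tested on its own, the files do not need to be passed in chronological order, and a rotated log that contains nothing recent simply contributes no output.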