I am in the process of writing an ssh command to process certain email log entries with awk into a nice readable format. This script is to be run only on entries in /var/log/exim_mainlog that are from the last 24 hours. I am not very familiar with time-searching options. Any suggestions on the best way to grep the email logs for only entries dated within the last 24 hours? Preferably a grep option or something similar. Any help is greatly appreciated.
- How are the logs formatted? – fge Dec 25 '12 at 00:42
- `find` and its time options will probably come in handy here. – squiguy Dec 25 '12 at 00:45
- The logs differ in formatting, but I am pulling every log containing "No Such User Here" within the last 24 hours. The date is formatted like so: 2012-12-23 00:05:07 – mr.pribesh Dec 25 '12 at 02:14
- Can find be used on log files? I thought it wouldn't work because it finds files, not text, although I'm sure I could be mistaken. – mr.pribesh Dec 25 '12 at 02:14
2 Answers
Perhaps sawmill does what you want? It parses exim mail logs and allows you to filter by time. Let me know if this is helpful.

hd1
- Although this would be helpful, I actually have to write the script, so using some software is out of the question. Thanks. – mr.pribesh Dec 25 '12 at 01:54
Have a look at the exiqgrep command which may already be installed on your system.

Brett Freer
- I do have exigrep installed, but I am not so sure it can be used to manipulate the exim_mainlog the way I want to. Essentially I am looking to grab all log lines with "No Such User Here" in them within the last 24 hours, and then format that output using awk. – mr.pribesh Dec 25 '12 at 02:12
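One way to do what the question and the last comment describe without extra tools, as an added example that is not from any of the posters: because exim stamps every line as `YYYY-MM-DD HH:MM:SS`, the timestamps sort lexically, so the 24-hour cutoff can be computed once in the shell and compared as a string inside awk. The `recent_entries` function, the `RCPT <addr>` extraction and the sample log layout in the test are assumptions made for this example; the default cutoff relies on GNU `date -d`, so pass the cutoff explicitly on other systems.

```shell
#!/bin/sh
# recent_entries LOGFILE [CUTOFF] [PATTERN]
#   CUTOFF  - "YYYY-MM-DD HH:MM:SS" lower bound (default: 24 hours ago, GNU date)
#   PATTERN - literal text the line must contain (default: "No Such User Here")
# Prints "date time  recipient  message" for every matching line, where the
# recipient is taken from the first "RCPT <addr>" token (assumed layout) or "-".
recent_entries() {
  logfile=$1
  cutoff=${2:-$(date -d '24 hours ago' '+%Y-%m-%d %H:%M:%S')}
  pattern=${3:-"No Such User Here"}
  awk -v cutoff="$cutoff" -v pat="$pattern" '
    # Skip continuation lines that do not start with a YYYY-MM-DD date.
    $1 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ { next }
    # String comparison works because the timestamp format is fixed-width
    # and most-significant-first; index() is a literal, not regex, search.
    ($1 " " $2) >= cutoff && index($0, pat) {
      rcpt = "-"
      if (match($0, /RCPT <[^>]+>/))
        rcpt = substr($0, RSTART + 6, RLENGTH - 7)   # strip "RCPT <" and ">"
      msg = $0
      sub(/^[^ ]+ [^ ]+ /, "", msg)                  # drop the timestamp
      printf "%s %s  %s  %s\n", $1, $2, rcpt, msg
    }' "$logfile"
}

# Typical use on the real log (only runs when the file is readable here).
if [ -r /var/log/exim_mainlog ]; then
  recent_entries /var/log/exim_mainlog
fi
```

Since exim logs in local time and `date` also reports local time, the two agree unless the log was written on a host in a different timezone.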