2

This is my code

awk '{a[$1":"$5]}
    END{for(i in a)
            {
            split(i,b,":");
            split(b[2],c,"[");
    print b[1],b[2]
            }
       }' /var/log/messages

The output would be: (display Month and the Process name)

May init
May rhsmd
May kernal

I would like to change the process name to a short description. The short description is base on the "man" document.

This command help me to print what I want.

man init | sed -n '6p' | cut -c 8-

Output:

init - Upstart process management daemon

Finally, I can't find a way to embed the "man" code to awk. Below is what I expected final output, How can I do that? Thank you.

May init - Upstart process management daemon
May rhsmd - A Program for querying the Red Hat Network for updates and information
May kernal

There has some sample of /var/log/messages

May 21 03:30:02 redhat rhsmd: This system is registered to RHN Classic.
Sep 22 03:35:02 redhat rhsmd: This system is registered to RHN Classic.
May 22 13:00:31 redhat init: serial (hvc0) main process (1326) killed by TERM signal
May 22 13:00:31 redhat init: tty (/dev/tty6) main process (1336) killed by TERM signal
May 22 13:00:32 redhat rhnsd[1256]: Exiting
YOHO
  • 77
  • 7

3 Answers3

2

I would use shell for this.

awk '{a[$1":"$5]}
    END{for(i in a)
        {
        split(i,b,":");
        split(b[2],c,"[");
print b[1],b[2]
        }
   }' /var/log/messages |
while read month cmd; do
    echo -n "$month "
    whatis "$cmd"
done
tripleee
  • 175,061
  • 34
  • 275
  • 318
  • +1 I had a feeling that there had to be a better way than reading line 6 of the `man` page, using `whatis` is much more suitable! – Tom Fenech May 24 '14 at 17:07
  • Thank you, but there had some information I dont need, such as whatis init, it will show me(5) - Upstart init daemon job configuration || (8) - Upstart process management daemon, Actually I just want the "Upstart process management daemon". And then some proess had not man page like rhsmd, it had return ": nothing appropriate" , I also dont need this message. How can I solve it? thankyou :) – YOHO May 24 '14 at 17:48
1

You could try:

awk '{a[$1":"$5]}
END{
    for(i in a) {
        split(i,b,":");
        cmd="man "b[2]" 2>/dev/null | sed -n '6p' | cut -c 8-"
        cmd | getline result
        print b[1],result
    }
}' /var/log/messages
Håkon Hægland
  • 39,012
  • 21
  • 81
  • 174
1

This awk script works for me:

update - using whatis based on tripleee's answer

#!/usr/bin/awk -f

$NF !~ /Exiting/ {
    split($5, a, ":")
    name = a[1]
    if (!s[name]) {
    "whatis " name | getline w
    if (w !~ /nothing/) {
        split(w,b,"- ")
        s[name] = b[2]
    }
    else s[name] = "none"
    }
    printf("%s %s %s\n", $1, a[1], (s[name] != "none" ? "- " s[name] : ""))
}

This builds up a cache of the program's description from the whatis database, so each process is only looked up once. On my system whatis gives the message name: nothing appropriate if no entry exists, so check for that in the outcome. It only reports the lines that don't end in "Exiting".

Example output (note that I don't have rhsmd on my system):

May rhsmd
Sep rhsmd 
May init - process control initialization
May init - process control initialization
Community
  • 1
  • 1
Tom Fenech
  • 72,334
  • 12
  • 107
  • 141
  • This is pretty good, but can i delete "-" if the process had not man page? such as rhsmd – YOHO May 24 '14 at 17:33
  • Sorry, there had a little bug, for example, whatis init, it had display "Upstart init daemon job configuration", but I would like to display the second line of whatis init "Upstart process management daemon", how can i solve it??? thank you again :D – YOHO May 24 '14 at 18:28
  • @user3527571 I would have to see the exact output to know what changes to make. Perhaps it would be useful if you edited your question to show some examples. Do you always want the last line? – Tom Fenech May 25 '14 at 08:12