I saw it posted here that this would work but it is not working for me. I need something short and sweet like this command, using the Python version of rsstail.

```
rsstail -dl -e 1 -U -a -u https://threatpost.com/feed/ -n 10 | grep -A 2 "2021/03/15 20[1-5]"
```

This should grab the last 5 hours but it doesn't.

Sample line from the feed follows:

```
Updated: 2021/03/12 21:42:59  Title: Critical Security Hole Can Knock Smart Meters Offline  Author: Tara Seals  Link: https://threatpost.com/critical-security-smart-meter-offline/164753/   Description: Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks
```
Mr R
robw
  • Can you share some output from `rsstail` (i.e. drop the grep) ? – Mr R Mar 16 '21 at 11:24
  • Or indicate what the format of the timestamp is - as the HHMM or HH:MM (or whatever it is) might not match your regex. And getting 2 lines after each timestamp - will it give your expected output - please add that. – Mr R Mar 16 '21 at 11:25
  • ```Updated: 2021/03/12 21:42:59 Title: Critical Security Hole Can Knock Smart Meters Offline Author: Tara Seals Link: https://threatpost.com/critical-security-smart-meter-offline/164753/ Description: Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks``` – robw Mar 16 '21 at 21:15

1 Answer

You were heading on the right track with the grep - however there wasn't going to be a match on the date because `20[1-5]` matches two digits and a digit in the range 1-5 in a row after the specific date - that would match `2021/03/15 2022` but not `2021/03/15 20:22`.

Assuming you are in daylight hours you don't have to worry about spanning two days - imagine you ran at 2:00am you'd need yesterday 21:XX, 22:XX, 23:XX and today 00:XXam, 01:XXam.

So say you run at 11 am today - previous 5 hours 6/7/8/9/10 - so you could do something like this.

```
grep -A 2 -E -e '2021/03/17 (06|07|08|09|10):'
```

OR even

```
grep -A 2 -E -e '2021/03/17 (0[6789]|10):'
```

You can auto-generate some of the query like this (again I've ignored cross-over of hour). NOTE: OSX date & GNU date are different - this is an OSX example -

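```
# Minute of the hour 4 minutes ago and now (OSX/BSD date syntax)
FROMMIN=$( date -v -4M +'%M' )
TOMIN=$( date +'%M' )
# Zero-pad each minute so e.g. "08" matches; OSX seq leaves a trailing "|"
MINS=$( seq -s "|" -f '%02g' "$FROMMIN" "$TOMIN" )
## GIVES like this 2021/03/17 20:(44|45|46|47|48)
# ${MINS%|} strips the trailing "|", which would otherwise match any minute
MATCH="$( date +'%Y/%m/%d %H:(' )${MINS%|})"
grep -A 2 -E -e "$MATCH"
```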
Mr R
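An added example, not part of the answer above: instead of building a regex per hour, this compares each `Updated:` timestamp with a cutoff as a string, which works because `YYYY/MM/DD HH:MM:SS` sorts chronologically, so a window that crosses midnight needs no special case. The function names and the sample records are constructed for illustration, and the feed timestamps are assumed to be in the same timezone as the local clock.

```shell
#!/bin/sh
# Added example; helper names and sample data are hypothetical.

# Timestamp N hours ago in the feed's "YYYY/MM/DD HH:MM:SS" layout.
# Tries OSX/BSD date syntax first, then falls back to GNU date.
cutoff_hours_ago() {
  fmt='+%Y/%m/%d %H:%M:%S'
  date -v"-${1}H" "$fmt" 2>/dev/null || date -d "$1 hours ago" "$fmt"
}

# Print every record whose "Updated:" timestamp is at or after the cutoff ($1).
# A record is the "Updated:" line plus all lines up to the next "Updated:",
# so it handles one field per line as well as everything on a single line.
filter_since() {
  awk -v cutoff="$1" '
    /^Updated: / { keep = (($2 " " $3) >= cutoff) }  # string comparison
    keep                                             # print while inside a kept record
  '
}

# Constructed sample input spanning midnight (not real feed data).
sample_feed() {
  cat <<'EOF'
Updated: 2021/03/16 20:15:00
Title: constructed item A
Link: https://example.com/a
Updated: 2021/03/16 23:50:10
Title: constructed item B
Link: https://example.com/b
Updated: 2021/03/17 01:05:30
Title: constructed item C
Link: https://example.com/c
EOF
}

# Usage with the command from the question:
#   rsstail -dl -e 1 -U -a -u https://threatpost.com/feed/ -n 10 \
#     | filter_since "$(cutoff_hours_ago 5)"
```

With a cutoff of `2021/03/16 21:00:00` (a run at 02:00 looking back 5 hours), the sample yields items B and C, one from each side of midnight.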