I created a backup script that emails all the admins when the backup is complete and attaches a log file of what was backed up. On occasion, something happens in which the backups stop working. I started "grep"ing around /var/log/syslog and I usually find the smoking gun. My goal is to zcat /var/log/syslog* and egrep all the instances of an occurrence on a date that an error occurred. So I began testing using:
Grabs Date
err_date=$((date)|gawk -F ' ' 'BEGIN {IGNORECASE=1;} {print $2,$3}')
echo $err_date
Oct 23
Now I want to simply use zcat and egrep the lines that contain that date.
zcat /var/log/syslog* |egrep '^`echo $err_date`'
gzip: /var/log/syslog: not in gzip format
gzip: /var/log/syslog.1: not in gzip format
I remove the backticks
zcat /var/log/syslog* |egrep '^$err_date`'
gzip: /var/log/syslog: not in gzip format
gzip: /var/log/syslog.1: not in gzip format
zcat /var/log/syslog*|gawk 'BEGIN {IGNORECASE=1;} /^$err_date/'
I tried many combinations but can't seem to catch my error in usage. I want egrep to use "Oct 23" from variable "$err_date".
??
pamu
October 23, 2012, 1:03pm
3
The problem is highlighted in red..
Are you performing operations on .gz files..?
I normally prefer.
zcat *.gz | ....
Thanks for the reply but it didn't work:
zcat /var/log/syslog* |grep "^$err_date"
gzip: /var/log/syslog: not in gzip format
gzip: /var/log/syslog.1: not in gzip format
?
---------- Post updated at 01:07 PM ---------- Previous update was at 01:05 PM ----------
Thanks PAMU,
I would like to grep all files under:
/var/log/syslog*
which would include:
-rw-r----- 1 syslog adm 133256 Oct 17 08:04 /var/log/syslog.7.gz
-rw-r----- 1 syslog adm 146465 Oct 18 07:56 /var/log/syslog.6.gz
-rw-r----- 1 syslog adm 158721 Oct 19 07:48 /var/log/syslog.5.gz
-rw-r----- 1 syslog adm 172300 Oct 20 07:40 /var/log/syslog.4.gz
-rw-r----- 1 syslog adm 183107 Oct 21 07:49 /var/log/syslog.3.gz
-rw-r----- 1 syslog adm 206954 Oct 22 07:45 /var/log/syslog.2.gz
-rw-r----- 1 syslog adm 5840020 Oct 23 07:49 /var/log/syslog.1
-rw-r----- 1 syslog adm 1342525 Oct 23 13:06 /var/log/syslog
thanks
pamu
October 23, 2012, 1:11pm
5
try using
zcat /var/log/syslog.*.gz | grep "^$err_date"
If I just:
zcat -v /var/log/syslog*
Oct 17 08:04:31 Dartanion nullmailer[1572]: Starting delivery: protocol: smtp host: mail. file: 1350367203.17107
Oct 17 08:04:31 Dartanion nullmailer[9414]: smtp: Failed: Connect failed
Oct 17 08:04:31 Dartanion nullmailer[1572]: Sending failed: Host not found
Oct 17 08:04:31 Dartanion nullmailer[1572]: Starting delivery: protocol: smtp host: mail. file: 1350108002.10660
Oct 17 08:04:31 Dartanion nullmailer[9415]: smtp: Failed: Connect failed
Oct 17 08:04:31 Dartanion nullmailer[1572]: Sending failed: Host not found
Oct 17 08:04:31 Dartanion nullmailer[1572]: Starting delivery: protocol: smtp host: mail. file: 1350453603.30086
Oct 17 08:04:31 Dartanion nullmailer[9416]: smtp: Failed: Connect failed
Oct 17 08:04:31 Dartanion nullmailer[1572]: Sending failed: Host not found
Oct 17 08:04:31 Dartanion nullmailer[1572]: Starting delivery: protocol: smtp host: mail. file: 1350215920.13026
Oct 17 08:04:31 Dartanion nullmailer[9417]: smtp: Failed: Connect failed
Oct 17 08:04:31 Dartanion nullmailer[1572]: Sending failed: Host not found
Oct 17 08:04:31 Dartanion nullmailer[1572]: Delivery complete, 8 message(s) remain.
95.8%
I can see it going through all the files and/or most of the files but I cannot seem to pass my variable into grep or egrep. ?
for i in /var/log/syslog*
do
echo "$i" | grep "gz$" > /dev/null 2>&1 && zcat "$i" | grep "^$err_date"
echo "$i" | grep "gz$" > /dev/null 2>&1 || grep "^$err_date" "$i"
done
Problem Solved.
zgrep "$err_date" /var/log/syslog*
"zgrep" Learn something new every day. Many thanks for all the help
---------- Post updated at 01:16 PM ---------- Previous update was at 01:15 PM ----------
awesome
pamu
October 23, 2012, 1:24pm
9
I believe zgrep does the same job as zcat .gz | grep. But it adds an extra file name in the result. And if zgrep is working fine then zcat .gz | grep should work also..
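An added example, not code from any post in this thread: it puts together the two points the thread turns on, the double-quoted "^$err_date" pattern and handling the mix of plain and .gz rotations. It goes one step further by building the date with %e, which space-pads single-digit days the way traditional syslog timestamps do. The function names and sample log lines are constructed for illustration, and gzip is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): search rotated logs, plain and
# gzip-compressed, for lines starting with a syslog date prefix.

# Print today's date as syslog writes it ("Oct 23", "Oct  3").
# %e pads a single-digit day with a space, matching the log timestamps.
syslog_date_prefix() {
    LC_ALL=C date '+%b %e'
}

# grep_logs_for_date PREFIX FILE...   (hypothetical helper name)
# Double quotes around "^$prefix" let the shell expand the variable
# (single quotes would pass the literal text $prefix to grep) while
# keeping the embedded space inside one argument.
grep_logs_for_date() {
    prefix=$1
    shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        case $f in
            *.gz) gzip -dc -- "$f" ;;   # compressed rotation
            *)    cat -- "$f" ;;        # current, uncompressed log
        esac | grep -- "^$prefix" || :  # no match in a file is not an error
    done
}

# Constructed sample data: one plain log and one gzip-compressed rotation.
make_sample_logs() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'Oct 23 07:49:01 host1 backup[100]: rsync error: constructed line' \
        'Oct 24 07:49:01 host1 backup[101]: finished' > "$dir/syslog"
    printf '%s\n' \
        'Oct 22 07:45:00 host1 backup[90]: finished' \
        'Oct 23 00:00:05 host1 backup[91]: started' | gzip -c > "$dir/syslog.2.gz"
    printf '%s\n' "$dir"
}

# Demo run over the constructed files; prints the two "Oct 23" lines.
sample_dir=$(make_sample_logs)
grep_logs_for_date 'Oct 23' "$sample_dir"/syslog*
rm -rf -- "$sample_dir"
```

Against the real logs the call would be grep_logs_for_date "$(syslog_date_prefix)" /var/log/syslog*, run as a user allowed to read them (the listing above shows group adm).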