I'm looking for a command or simple script that will read lots of audit log file (*.aud) in log fold every 10 minutes, and will output to one file based on sysdate - 10 minutes. assume the script is run at 11:12:20, and it
should grep the line from Wed Jun 17 11:02:43 2009 to end of file. after 10 minutes (11:22:20), the script is run again, and it will grep lines Wed Jun 17 11:22:20 2009 to end of file. the audit log files are continually written, and we like to get audit log info from log files every 10 minutes, but no duplicated info every time we grep.
here is sample content of one audit log file
Wed Jun 17 11:02:16 2009
SESSIONID: "5649284" ENTRYID: "4" STATEMENT: "2" USERID: "USER_MEDICAL_LETTERS" USERHOST: "PEACECORPSHQ\NETAPP-DEV"
TERMINAL: "NETAPP-DEV" ACTION: "3" RETURNCODE: "0" OBJ$CREATOR: "MEDDBMS" OBJ$NAME: "HX_DOC_INSERTS" OS$USERID:
"NETWORK?SERVICE"
Wed Jun 17 11:02:43 2009
SESSIONID: "5649284" ENTRYID: "5" STATEMENT: "4" USERID: "USER_MEDICAL_LETTERS" USERHOST: "PEACECORPSHQ\NETAPP-DEV"
TERMINAL: "NETAPP-DEV" ACTION: "3" RETURNCODE: "0" OBJ$CREATOR: "MEDDBMS" OBJ$NAME: "MEDICAL_LETTERS_QUEUE"
OS$USERID: "NETWORK?SERVICE"
Wed Jun 17 11:02:43 2009
SESSIONID: "5649284" ENTRYID: "6" STATEMENT: "4" USERID: "USER_MEDICAL_LETTERS" USERHOST: "PEACECORPSHQ\NETAPP-DEV"
TERMINAL: "NETAPP-DEV" ACTION: "3" RETURNCODE: "0" OBJ$CREATOR: "MEDDBMS" OBJ$NAME: "HX_DOC_INSERTS" OS$USERID:
"NETWORK?SERVICE"
thanks
jack