copy lines from log files based on timestamp and sysdate

percvs88 · June 17, 2009, 1:39pm

I'm looking for a command or simple script that will read lots of audit log file (*.aud) in log fold every 10 minutes, and will output to one file based on sysdate - 10 minutes. assume the script is run at 11:12:20, and it
should grep the line from Wed Jun 17 11:02:43 2009 to end of file. after 10 minutes (11:22:20), the script is run again, and it will grep lines Wed Jun 17 11:22:20 2009 to end of file. the audit log files are continually written, and we like to get audit log info from log files every 10 minutes, but no duplicated info every time we grep.

here is sample content of one audit log file

Wed Jun 17 11:02:16 2009
SESSIONID: "5649284" ENTRYID: "4" STATEMENT: "2" USERID: "USER_MEDICAL_LETTERS" USERHOST: "PEACECORPSHQ\NETAPP-DEV"
TERMINAL: "NETAPP-DEV" ACTION: "3" RETURNCODE: "0" OBJ$CREATOR: "MEDDBMS" OBJ$NAME: "HX_DOC_INSERTS" OS$USERID:
"NETWORK?SERVICE"

Wed Jun 17 11:02:43 2009
SESSIONID: "5649284" ENTRYID: "5" STATEMENT: "4" USERID: "USER_MEDICAL_LETTERS" USERHOST: "PEACECORPSHQ\NETAPP-DEV"
TERMINAL: "NETAPP-DEV" ACTION: "3" RETURNCODE: "0" OBJ$CREATOR: "MEDDBMS" OBJ$NAME: "MEDICAL_LETTERS_QUEUE"
OS$USERID: "NETWORK?SERVICE"

Wed Jun 17 11:02:43 2009
SESSIONID: "5649284" ENTRYID: "6" STATEMENT: "4" USERID: "USER_MEDICAL_LETTERS" USERHOST: "PEACECORPSHQ\NETAPP-DEV"
TERMINAL: "NETAPP-DEV" ACTION: "3" RETURNCODE: "0" OBJ$CREATOR: "MEDDBMS" OBJ$NAME: "HX_DOC_INSERTS" OS$USERID:
"NETWORK?SERVICE"

thanks
jack

vidyadhar85 · June 17, 2009, 10:53pm

what have you tried till now??

bwhitehd · June 17, 2009, 11:49pm

There are a thousand ways to do this. A short shell or perl script, even a one-liner grep. Do you have a preference to what you use? From the log file example you provided, are the timestamps and entries on separate lines and is there blank line between entries? Just need to know the formatting.

percvs88 · June 18, 2009, 12:53pm

bwhitehd and vidyadhar85

thanks for the questions. we haven't done anything yet.
a shell script will be very good.

the timestamps and entries are on separate lines and there is a blank line between entries

thanks so much.
jack

rakeshawasthi · June 25, 2009, 9:35am

May be in 6 days you have tried something? Please share.