Hi Guys,
I have a file called error.logs. am just trying to display the content in the file which was modified last 1 day. I tried below command but it doesnt give the proper output.
find /u/text/vinoth/bin "error.logs" -mtime -1 -exec cat {} \; >> mail.txt
Any help is much appreciated!!!
Thanks
Elaborate what you mean by "doesn't give the proper output"
Hi ahamed,
The ouput of scripts should give only the change happened last 1 day. But it gives all the changes happened on that file.
Thanks
find is not that intelligent. It will only list the file that was modified x no of days as per your command.
Are you expecting it to display the content which got added into that file in last 24 hours? I don't think a readymade command is available for that.
You may need to parse the file, provided there is some marker like date or something added in the file to identify per day logs.
Yes i need to display the content which got added into that file in last 24 hours?
Am new to shell scripting......Any suggestion how can i get this done??
You have to add '-name' in the command
find /u/text/vinoth/bin -name "error.logs" -mtime -1 -exec cat {} \; >> mail.txt
Hi Srini,
It doesnt works. It just gave me the duplicate file of error.logs, not the latest change happened 24 hours before.
869119 Mar 24 04:10 mail.txt
869119 Mar 24 04:10 error.logs
provide us the sample content of 'error.logs' file and we can see if we can help you
How does your logging start with? say at the start of the day. Do you have a date field or something similar?
Here u go!!!
26 Jan 2014 12:06:08,274 INFO security - Userid: gabriel, Saved File Instance, Name: [VAP], Registry: [RAP]
16 Feb 2014 12:07:29,605 INFO security - Userid: ram, Saved File Instance, Name: [RAS], Registry: [RAP]
26 Feb 2014 12:06:08,274 INFO security - Userid: raja, Saved File Instance, Name: [VAP], Registry: [RAP]
26 Feb 2014 12:07:29,605 INFO security - Userid: ram, Saved File Instance, Name: [RAS], Registry: [RAP]
24 Mar 2014 12:07:29,605 INFO security - Userid: Sri, Deleted File Instance, Name: [RAS], Registry: [RAP]
Using GNU date
#!/bin/bash
cmp=$( date +%s -d"1 day ago" )
while IFS=, read data rest
do
log_time=$( date +%s -d "$data" )
[[ $log_time -ge $cmp ]] && echo "$data,$rest"
done < error.logs
ahamed,
Still it displays the same thing as like a duplicate not the latest one and with the below error.
Usage: date [-u] [+"Field Descriptors"]
---------- Post updated at 03:45 AM ---------- Previous update was at 03:44 AM ----------
date: 0551-402 Invalid character in date/time specification
Which is your OS? Check if your date supports +%s option i.e. date +%s
Try changing the first line to if your date supports +%s
cur=$( date +%s )
(( cmp=cur-(24*60*60) ))
OS : AIX
Try the change in post # 13 then.
---------- Post updated at 01:59 AM ---------- Previous update was at 01:57 AM ----------
#!/bin/bash
cur=$( date +%s )
(( cmp=cur-(24*60*60) ))
while IFS=, read data rest
do
log_time=$( date +%s -d "$data" )
[[ $log_time -ge $cmp ]] && [[ $log_time -lt $cur ]]&& echo "$data,$rest"
done < error.logs
It gives me the same error 
Invalid character in date/time specification.
Usage: date [-u] [+"Field Descriptors"]
Well, as per the man page of aix, date should support this, may be some version difference. I dont have a aix box to test now. Hope you are executing the correct code. So date +"%s" also gives you the same output?
Do you have gawk?
date +%s
date +%s
1395652331
gives me the proper output. Am not sure why in script doesnt works:confused:
I just copied and pasted watever u hav given
cd /u/text/vinoth/bin
cur=$( date +%s )
(( cmp=cur-(24*60*60) ))
while IFS=, read data rest
do
log_time=$( date +%s -d "$data" )
[[ $log_time -ge $cmp ]] && [[ $log_time -lt $cur ]]&& echo "$data,$rest"
done < error.logs
I dont have gawk
log_time=$( date +%s -d "$data" ) is the line causing the problem. AIX doesn't have -d option.
What can be done to solve this??