Get all lines in a file after particular time

deepakgang · August 27, 2009, 7:18am

Hi All,

I am lookig for a way to get all the lines from a log file which has been updated 5 mins prior to the system time.

The log file will be like below:

09:01:00 Started polling
09:01:05 Checking directory test
09:02:00 Error! Cannot access directory test
09:03:00 Polling

I get the system time and calculate 5 mins before the system time. For example if the system time is 09:05, then the script will calculate the time to check as 09:00. Then a sed command will be run to get all the lines below the pattern:

sed '/$time/,$p' $logfile

Which will print all the lines below the pattern. But if the log file does not contain 09:00, no lines will be grepped. Is there a way to solve this issue?

Thanks
D

kd09714 · August 27, 2009, 7:57am

why don't you first grep for 09:00 and make sure the log is written for 09:00 and if grep succeeds, you proceed with sed... in other case you can increase/decrease the time by 01 min or so.

vbe · August 27, 2009, 7:57am

Why dont you append a line with the time every 5 minutes for you to use then?

deepakgang · August 27, 2009, 8:47am

Thats a good idea. But the problem is that there are a number of log files in which the command is checking.. in that case we will need to append the time in all the log files.

b33713 · August 27, 2009, 11:14am

#!/bin/sh
five_mins_ago=$(date -d '5 min ago' +%s)
awk -v start=$five_mins_ago '{
        getlogtime="date -d "$1" +%s"
        getlogtime | getline logtime
        if (logtime > start ) print $0
}' $logfile

ripat · August 27, 2009, 11:48am

Another awk solution:

BEGIN{"date +'%H:%m:%S' --date 'now 5 minutes ago'" | getline sys_time}
$1 >= sys_time {print}

deepakgang · August 28, 2009, 8:49am

The date -d doesnt work in my version of unix.

Therefore I have been trying to follow the approach by vbe to write a specific line to all the log files in every 5 mins.

But I am facing another issue with sed:

check_param="Fri Aug 28 12:59:14 BST 2009ALERT CHECKPOINT"

Then Im using sed to get all the lines after the above string from the log files like below:

sed -n /$check_param/,$p test.log

But Im getting the error: sed: 0602-404 Function /Fri cannot be parsed.

If I use the string itself instead of the variable, im getting the correct output. I believe I am not using the variable in sed correctly.

Thanks
D

thanhdat · August 28, 2009, 9:27am

Take a look at this post : http://www.unix.com/shell-programming-scripting/14085-how-can-i-use-variable-sed.html

Hope that helps.

deepakgang · August 31, 2009, 5:57am

I have found out another simpler way to do what I wanted

First the script will grep for all the error messages in the log files and save them to a file.
It will compare this file with the list of error messages grepped during the last run. If there are new rows added to the file, they will be emailed else skip.

So basically simple grep and diff commands

thanks all for the help.. also if there are any better ideas most welcome