Hi Guys,
I'm trying to write a script that will be launched by a user. The script will look at a log file and check for alerts with the date (supplied by user) and a machine's hostname (also supplied by the user). I'm trying to get the output formatted just like the log file.
The logfile looks like this:
-----
popup on localmachine
Date/Time: MM/DD/YYYY
Host: hostname
Alert Type: ALARM
Parameter: Paramiter information
Alarm information goes here
-----
The script I'm working with looks like this:
#!/bin/bash
echo "Enter the machine name followed by [ENTER]:"
read HOST
echo "Enter the date you wish to check for MM/DD/YYYY":
read DATE
ssh hostname grep '$HOST|$DATE' /path/to/file.log
echo
I've tried several variations of this, but all I get is gobbledygook. Can someone point me in the right direction? Any help is appreciated.
Try to replace the single quotes with double quotes and add another pair of escaped quotes for the shell on hostname, so that the pipe character is not interpreted by the shell there.
Hi Hergp, I tried it, and it gave me no output at all. Even when I grep for an entry that I know is in the log.
It's so frustrating being owned by something that seems like it would be a piece of cake. grrrrrrrr
Is the string that you are searching for on the remote host literally hostname|date, or are you wanting to grep for records with either host OR date in them?
If you want to grep for host OR date you need to use egrep or supply the -E option:
Hi Agama,
The information appears in the log in this format:
Date/Time: MM/DD/YYYY
Host: hostname
Alert Type: ALARM
Parameter: Paramiter information
Entries are separated by a "-----------------"
What I'm trying to accomplish is to make a simple check for end users to use so they can see if there were any alerts on a given day.
Any help is much appreciated.
You can try adding this to your script. Be careful with the quotes on the first and last lines. The awk programme needs to be quoted in single quotes on the remote machine, and you don't want the local shell to substitute in for $x references, so the quoting is tricky.
ssh hostname awk -v targeth=$HOST -v targetd=$DATE "'"'
    function print_stuff( atend )
    {
        if( date )
        {
            pcount++;
            printf( "%s\n%s\n%s\n%s\n\n", date, host, alert, parameter );
        }
        else
            if( atend && ! pcount )
                printf( "no alarms found for %s\n", targeth );
    }

    /^Date.Time: / {
        print_stuff( 0 );       # print last block if collected
        date = targetd == $2 ? $0 : "";
        next;
    }

    /^Host: / && date {
        host = $0;
        if( $2 != targeth )
            date = "";          # reject; wrong host
        next;
    }

    /^Alert Type: / {
        alert = $0;
        next;
    }

    /^Parameter: / {
        parameter = $0;
        next;
    }

    END {
        print_stuff( 1 );       # print last block if it was collected
    }
'"' <path-to-logfile"
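
An added example, not code from any poster in this thread: ssh joins its arguments into one string that the login shell on the log host parses again, so the values typed at the `read` prompts end up inside a remote command line. The sketch below checks both values against a strict pattern and single-quotes everything before building that string. The function names, the `loghost` placeholder and the block-oriented awk filter (which prints a whole entry between dash lines, whatever their length) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): validate, quote, then build the command.
LC_ALL=C; export LC_ALL

valid_host() {   # letters, digits, dot, hyphen; must not start with a hyphen
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

valid_date() {   # MM/DD/YYYY shape only, as in the log's Date/Time field
    case $1 in
        [0-1][0-9]/[0-3][0-9]/[0-9][0-9][0-9][0-9]) return 0 ;;
    esac
    return 1
}

sq() {           # wrap $1 in single quotes for a POSIX shell
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Prints a whole dash-delimited entry when both its date and host match.
AWK_PROG='
/^-+$/ { if (d && h) printf "%s", buf; buf = ""; d = h = 0; next }
{ buf = buf $0 "\n" }
$1 == "Date/Time:" && $2 == targetd { d = 1 }
$1 == "Host:" && $2 == targeth { h = 1 }
END { if (d && h) printf "%s", buf }'

build_remote_cmd() {   # $1 = host to search for, $2 = date, $3 = log path
    valid_host "$1" || { echo "invalid host name" >&2; return 1; }
    valid_date "$2" || { echo "invalid date, expected MM/DD/YYYY" >&2; return 1; }
    printf 'awk -v targeth=%s -v targetd=%s %s < %s' \
        "$(sq "$1")" "$(sq "$2")" "$(sq "$AWK_PROG")" "$(sq "$3")"
}

# Usage, with loghost as a placeholder for the machine holding the log:
#   cmd=$(build_remote_cmd "$HOST" "$DATE" /path/to/file.log) && ssh loghost "$cmd"
```

Passing the result to ssh as one double-quoted argument keeps the local shell from splitting it, and the remote shell sees only single-quoted literals.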