Log file query

LAVco · April 25, 2010, 2:15pm

Hello all,

I am trying to query a log file based on 5 conditions; Information, Warning, Error or Warning, Error or Information, Warning, Error.

Sample of the log file:

2010-04-25 12:47:06 Information: Network-Socket(1) process started.
2010-04-25 12:47:09 Information: SNMP-Socket(1-1) process started.
2010-04-25 12:47:34 Information: SNMP-Socket(1-1) process stopped.
2010-04-25 12:47:34 Information: Network-Socket(1) process stopped.
2010-04-25 12:47:34 Information: Network-Socket(2) process started.
2010-04-25 12:47:37 Information: Network-Socket(2) host ping failed.
2010-04-25 12:47:37 Error: Network-Socket(2) process aborted.
2010-04-25 12:47:37 Information: Network-Socket(3) is disabled.
2010-04-25 12:52:09 Information: Network-Socket(1) process started.
2010-04-25 12:52:11 Information: SNMP-Socket(1-1) process started.
2010-04-25 12:52:33 Information: SNMP-Socket(1-1) process stopped.
2010-04-25 12:52:33 Information: Network-Socket(1) process stopped.
2010-04-25 12:52:33 Information: Network-Socket(2) process started.
2010-04-25 12:52:33 Information: FTP-Socket(2-1) process started.
--2010-04-25 12:52:33--  ftp://192.168.2.101/chan1.jpg
           => `/home/idas/das/var/NS.CH.RNSRP.FTP_FILE-2-1-1.20100425T155208.tmp'
Connecting to 192.168.2.101:21... failed: No route to host.
2010-04-25 12:52:36 Error: FTP-Socket(2-1) remote file(1) get failed (/chan1.jpg).
2010-04-25 12:52:37 Information: FTP-Socket(2-1) process stopped.
2010-04-25 12:52:37 Information: Network-Socket(2) process stopped.
2010-04-25 12:52:37 Information: Network-Socket(3) is disabled.

Also, the output doesn't require error output details e.g.

--2010-04-25 12:52:33--  ftp://192.168.2.101/chan1.jpg
           => `/home/idas/das/var/NS.CH.RNSRP.FTP_FILE-2-1-1.20100425T155208.tmp'

There was a recent posting using awk that was close but it wasn't outputting the timestamps. Any assistance with this would be appreciated.

Thanks in advance.

alister · April 25, 2010, 2:33pm

Query how? Provide examples of how you'd like to query and what you expect in response. You haven't provided sufficient information for anyone to help you out.

Regards,
Alister

pseudocoder · April 25, 2010, 2:54pm

Not sure, if I've understood your request because the solution seems to be too easy:

$ grep Information logfile
$ grep Warning logfile
$ grep Error logfile
$ egrep '(Error|Warning)' logfile
$ egrep '(Error|Information)' logfile

LAVco · April 25, 2010, 3:59pm

alister: query conditions were provided.
pseudocoder: thanks (some things that seem easy for others aren't).

thanks for your help.

pseudocoder · April 25, 2010, 4:11pm

You're welcome. I'm glad I could help you.