Log file text parsing

Shell Programming and Scripting
1

I'm new to scripting and was wondering if there was a way to accomplish what I want below using shell script(s).

If there is a log file as follows, where the id is the unique id of a process, with the timestamp of when the process began and completed displayed, would it be possible to find the time taken for each process (i.e. end time - start time)? Also, would it be possible to parse the text log to see if there are any processes that never completed (i.e. those that do not have a end id #X posted)?

BEGIN ID #1 - 2009-12-27 13:31:40.123894
END ID #1 - 2009-12-27 13:31:40.127205
BEGIN ID #2 - 2009-12-27 13:31:42.445600
BEGIN ID #3 - 2009-12-27 13:31:42.445635
END ID #3 - 2009-12-27 13:31:42.451483
END ID #2 - 2009-12-27 13:31:42.578831

I'm not looking for the actual script. Just want to know if something like this is possible, and if so, what/where should I be looking at?

Thanks in advance to any insight anyone can provide.

2

Since you are only asking for ideas...

awk on the file
# read thru the file
   val_id = id # extracted from string

# check to see if a BEGIN record
   if (BEGIN)
      Arr_Begin(valid_id) = extracted time
# an array to keep track of # of mentions
      Arr_Hits(valid_id) = Arr_Hits(valid_id) + 1

# check to see if an END record
   if (END) 
      Arr_End(valid_id) = extracted time
# an array to keep track of # of mentions
      Arr_Hits(valid_id) = Arr_Hits(valid_id) + 1

# now go thru the valid_id array for your conditions
# look for recs where Arr_Hits =1
# etc...
3

Hello ,

#!/usr/local/bin/perl -w
use strict;
open(FILE,"<your_log_file"); #open the file
while(<FILE>) #read file
{
if(/BEGIN/){push(@list,$_);}
elsif(/END/)
{
my @rec=split(/\s/,$_);
foreach $val (@list){my @org_list=split(/\s/,$val);if($rec[2]==$org_list[2]) 
{
my @time1=split(/:/,$rec[5]);
my @time2=split(/:/,$org_list[5]);
print $rec[2],"process executed for",$time2[0]-$time1[0],":",$time2[1]-$time1[1],":",$time2[2]-$time1[2];
}else print $rec[2],"is a daemon";
} #foreach 
}#while

The algorithm goes like this,
if the tag is begin, push it in some list,
if the tag is end, run a loop through the list and check for its BEGIN. if found then find the difference in time otherwise, say that that the process was a daemon(never ended)
Regards,

P.S. sorry for the messy code. in a hurry..

4

Thanks guys for your suggestions. I now have an idea on how to approach this, so thanks again.