shell script to search content of file with timestamps in the directory

psychobeauty · April 20, 2008, 12:11pm

hello,

i want to make a script to search the file contents in my home directory by a given date and output me the line that has the date...

psychobeauty · April 20, 2008, 12:14pm

read -p "what date ?" vardate
echo $vardate
awk -v d="$vardate" '$0 ~ d{print}' weblog

i find this one that really works its output me the correct line and everything...
but each time i need to go and change the filename in order to find what i want...

era · April 20, 2008, 12:43pm

I recently responded to a similar question of yours here: http://www.unix.com/unix-dummies-questions-answers/41092-shell-script-search-text-file-copy-file.html\#post302187223

#!/bin/sh

case $# in 0|1) echo "syntax: $0 date files ..." >&2; exit 2;; esac

date=$1
shift

awk -v d="$date" '$0 ~ d' "$@"

This expects the date as the first parameter, and a list of files as the remaining parameters. Those are passed through to awk in "$@" after the first argument (the date) has been shifted off and passed to the awk script as a variable.

I took out the { print } because that is the default action; this is probably less readable, so if you don't use awk much, it might be safer to leave it in.

Of course, this simple script is exactly equivalent to grep without any options or other bells & whistles.

psychobeauty · April 20, 2008, 1:50pm

thanx for replying era!!!

but i am afraid this does not work.
i think that in the script that u write it checking throught files date..
what i want is to check throught files text content...
i have the traffic of my website... in a directory named traffic...
the traffic directory have files with each webpage ip that visit my website!!
so i want the script to be able to output me the ips that visit my website the date that i ask...

era · April 20, 2008, 2:29pm

You might think wrong. Try it.

Like I already wrote, this is equivalent to grep date file

For example, grep 2008-04-20 traffic/127.0.0.1 would search for 2008-04-20 in the file traffic/127.0.0.1.

Maybe your logs use a different date format, but you get the idea.

PS. Simpler still awk script, provided your date format doesn't have slashes in it:

#!/bin/sh

case $# in 0|1) echo "syntax: $0 date files ..." >&2; exit 2;; esac

date=$1
shift

awk "/$date/" "$@"

psychobeauty · April 20, 2008, 3:02pm

i try it!!!

and it does not work!!
its get me a syntax error..

i used it like this

#!/bin/sh

read -p "what date" vardate
echo $vardate

case $# in 0|1) echo "syntax: $0 date files ..." >&2; exit 2;; esac

date=$1
shift

awk "/$date/" "$@"

am i wrong somewhere??

my log files text are in this format : 162.12.56.7 Tues Feb 8 21:02:35 GMT 2008

era · April 20, 2008, 4:18pm

What's the syntax error? And why did you add the "read vardate" stuff? You're supposed to pass in the date on the command line. Of course, you can change that, but then you need to modify the rest of the script accordingly.

When passing a value with spaces in it, you need to use quotes:

grep "Tues Feb 8" traffic/127.0.0.1

Here's another try at a script:

#!/bin/sh

case $# in 0) echo syntax: $0 files ...; exit 2;; esac

echo enter date:
read date

grep "$date" "$@"

The script will be more useful for use from other scripts if you let it accept the date on the command line rather than read it interactively, but that may not be an issue here. Anyway, you need to pass it the file(s) to search as arguments anyway, so why not make the date a command-line argument, too (or else ask which files to grep, interactively).

psychobeauty · April 20, 2008, 5:53pm

era:

What's the syntax error? And why did you add the "read vardate" stuff? You're supposed to pass in the date on the command line. Of course, you can change that, but then you need to modify the rest of the script accordingly.

When passing a value with spaces in it, you need to use quotes:
grep "Tues Feb 8" traffic/127.0.0.1
Here's another try at a script:
#!/bin/sh

case $# in 0) echo syntax: $0 files ...; exit 2;; esac

echo enter date:
read date

grep "$date" "$@"
The script will be more useful for use from other scripts if you let it accept the date on the command line rather than read it interactively, but that may not be an issue here. Anyway, you need to pass it the file(s) to search as arguments anyway, so why not make the date a command-line argument, too (or else ask which files to grep, interactively).

itry this one also era when i execute it it tell me

syntax: files...

i think the error might be on the

case $# in 0) echo syntax: $0 files ...; exit 2;; esac

era · April 21, 2008, 2:15am

You invoke it on the files you want to search. If you called the script datefind, you'd run it like

./datefind traffic/127.0.0.1

and it will prompt you for the date, and search in the file traffic/127.0.0.1 for the given date.

Once again, it doesn't really offer any advantage over regular grep, unless you specifically want the interactive prompting for a date. (Saves you from quoting the date, too.)

summer_cherry · April 21, 2008, 4:20am

read var
for i in *
do
grep $var $i
if [ $? -le 0 ] 
then
echo $1:`grep $var $i`
fi
done

era · April 21, 2008, 5:37am

summer_cherry: you need to double-quote $var, as it might contain spaces.

Also, running grep twice seems kind of excessive. Already the first invocation will print the match (unless you redirect or suppress it), albeit without the "$1": prefix. If you meant to print the file name, that's not entirely correct; you are looping over files with the file name in $i, so that is likely what you intended to print, but you can do that with grep "$var" $i /dev/null or -- in some versions -- grep -H

Anyway, the loop isn't really necessary, because grep can handle multiple input files.

#!/bin/sh

echo -n 'Type in the date: '
read date
grep "$date" *

This will search all files in the current directory. Perhaps that's what the OP wants, although the problem description mentions a subdirectory with log files, from which (as I understand it) only one is to be searched at a time.