Hi Friends!

I need to prepare a script which will grep logs from the current time to the previous 5 mins, that is, if the current time is Mon Jun 13 12:40:40 IST 2011 then all the logs in the interval Mon Jun 12:35 - 12:40 2011 should be grepped by the script and appended to another file. However, the script below is not able to grep the desired logs, so I need some help in preparing the script. I am running CentOS 5.2 32-bit.

    for (( i = 5; i >= 0; i-- )) ; do grep $(date "+%a %b %d %R %Y" -d "-$i min") /var/ossec/logs/active-responses.log >> /tmp/newlog.log; done

The /var/ossec/logs/active-responses.log format is below:

    Fri Jun 3 15:38:14 IST 2011 /var/ossec/active-response/bin/host-deny.sh add - 172.31.5.12 1307095694.71353 31151
    Fri Jun 3 15:38:14 IST 2011 /var/ossec/active-response/bin/firewall-drop.sh add - 172.31.5.12 1307095694.71353 31151

Thanks & Regards
Ankush
On 06/13/11 12:36 AM, ankush grover wrote:
> Hi Friends!
>
> I need to prepare a script which will grep logs from the current time
> to previous 5 mins that is if the current time is Mon Jun 13 12:40:40
> IST 2011 then all the logs between the interval Mon Jun 12:35 - 12:40
> 2011 should be grepped by the script and append it to another file.
> However, the below script is not able to grep the desired logs, so I
> need some help in preparing the script. I am running Centos 5.2
> 32-bit.
>
> for (( i = 5; i>=0; i-- )) ; do grep $(date "+%a %b %d %R %Y" -d "-$i
> min") /var/ossec/logs/active-responses.log>> /tmp/newlog.log;done
>
> /var/ossec/logs/active-responses.log format is below
> Fri Jun 3 15:38:14 IST 2011
> /var/ossec/active-response/bin/host-deny.sh add - 172.31.5.12
> 1307095694.71353 31151
> Fri Jun 3 15:38:14 IST 2011
> /var/ossec/active-response/bin/firewall-drop.sh add - 172.31.5.12
> 1307095694.71353 31151

Well,

    $ i=5 date "+%a %b %d %R %Y" -d "-$i min"
    Mon Jun 13 00:46 2011

so that probably won't work for matching the text in your logfiles...

-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast
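The mismatch John points at is the whole problem: the posted format string produces "Mon Jun 13 00:46 2011", but the log lines are written the way date(1) prints them, so a single-digit day is space-padded ("Jun  3") where "%d" zero-pads it ("Jun 03"), "%R" drops the seconds, and the time zone ("IST") sits between the time and the year, so the string "00:46 2011" never occurs in the log. On top of that the unquoted $(date ...) is word-split, so grep receives "Mon" as the pattern and "Jun", "13", ... as file names. The script below is an added example, not the one from the thread or anything shipped with OSSEC; it keeps the same idea (one grep per minute of the window) but builds an anchored regular expression that matches the log's own timestamp layout. It assumes GNU date, which CentOS ships, for "date -d @EPOCH" and the unpadded-day "%-d" format; the function takes the reference time as an optional argument so it can be checked against a fixed clock.

```shell
#!/bin/sh
# Added example, not the script from the thread. Prints the lines of an
# OSSEC active-responses.log written during the last MINUTES minutes.
# Assumes GNU date (CentOS ships it): "date -d @EPOCH" and the "%-d"
# (unpadded day) format are GNU extensions. Timestamps are matched the way
# date(1) prints them, e.g. "Fri Jun  3 15:38:14 IST 2011 ...".
export LC_ALL=C   # %a/%b must give English names, as found in the log

# recent_lines LOGFILE [MINUTES] [NOW_EPOCH]
#   NOW_EPOCH defaults to the current time; passing it explicitly lets the
#   function be exercised against a fixed clock.
recent_lines() {
    logfile=$1
    minutes=${2:-5}
    now=${3:-$(date +%s)}
    i=$minutes
    # One anchored pattern per minute of the window, oldest minute first.
    # " +" absorbs the one or two spaces date(1) puts before the day, the
    # seconds are a wildcard, and the trailing space ends the HH:MM:SS
    # field so that "15:4" cannot bleed into "15:40" when matching "15:04".
    while [ "$i" -ge 0 ]; do
        pattern=$(date -d "@$((now - i * 60))" "+^%a %b +%-d %H:%M:[0-9][0-9] ")
        grep -E "$pattern" "$logfile" || true   # no hits in a minute is fine
        i=$((i - 1))
    done
}

# Usage (what the cron job in the thread would do), e.g.:
#   recent_lines /var/ossec/logs/active-responses.log 5 >> /tmp/newlog.log
if [ "$#" -gt 0 ]; then
    recent_lines "$@"
fi
```

The "|| true" matters when the script runs under "set -e" or a cron wrapper that checks exit codes: grep exits 1 for a minute with no matching lines, which is a normal outcome here rather than an error. Because the function is driven by the wall clock, run it from cron at the same interval as the window (every 5 minutes) so that consecutive runs neither overlap nor leave a gap.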