Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
cancel
Showing results for 
Search instead for 
Did you mean: 

My awking buddies.

SOLVED
Go to solution
Belinda Dermody
Super Advisor

My awking buddies.

I am trying to use the current MM DD variable with a awk command within a script, extracting current days sudo usage, each entry is two lines.

I get the following to work but the date is hard coded.
awk '/Nov 10/ {print $0; for (i=1;i<2;i++) {getline;print $0; } }' /var/log/sudo.log

I want to set the date for each run with the CDATE=`date "+%b %d"` and beable to use the $CDATE instead of Nov 10 as above.
14 REPLIES
Geoff Wild
Honored Contributor

Re: My awking buddies.

Try:

awk '/'"$CDATE"'/ {print $0; for (i=1;i<2;i++) {getline;print $0; } }' /var/log/sudo.log


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Rick Garland
Honored Contributor
Solution

Re: My awking buddies.

Here is a script that I wrote a few years ago. I believe it is doing what you want.
Modify for your use and preferences.

Note; Later versions of the sudo.log have a different layout of the file. The result is that this script will pull values that are no longer in this position.

Belinda Dermody
Super Advisor

Re: My awking buddies.

Geoff I have already tried that, the preceeding ' nullifies all the special characters so the $ is not translated..
Highlighted
James R. Ferguson
Acclaimed Contributor

Re: My awking buddies.

James:

One way:

# CDATE1=`date +%b`
# CDATE2=`date +%d`
# awk $1~CDATE1 && $2~CDATE2 {print $0;for (i=1;i<2;i++) {getline;print $0;}}' CDATE1=${CDATE1} CDATE2=${CDATE2} /var/log/sudo.log

You will need to change $1 and $2 to match the actual field numbers in you record.

Regards!

...JRF...
Belinda Dermody
Super Advisor

Re: My awking buddies.

Jim, good to hear from you again, I get the good ole bail out in awk using your suggestion. See the attached word doc...
James R. Ferguson
Acclaimed Contributor

Re: My awking buddies.

Hi (again) James:

Sorry, looks like I transposed a "'". Try:

# awk '$1~CDATE1 && $2~CDATE2 {print $0; for (i=1;i<2;i++) {getline;print $0;}}' CDATE1=${CDATE1} CDATE2=${CDATE2} /var/log/sudo.log

Regards!

...JRF...
Sandman!
Honored Contributor

Re: My awking buddies.

How about...

# CDATE=`date "+%b %d"`

# awk '$0 ~ cdt {print $0;for(i=1;i<2;i++) {getline;print $0}}' cdt="$CDATE" /var/log/sudo.log

cheers!
Belinda Dermody
Super Advisor

Re: My awking buddies.

Still getting bailouts
James R. Ferguson
Acclaimed Contributor

Re: My awking buddies.

Hi James:

My second post seems to work in my hands if I cut-and-paste from this site. Are you still getting syntax errors? No points if "yes" and/or at your discretion.

Regards!

...JRF...
Geoff Wild
Honored Contributor

Re: My awking buddies.

What about adding the carrot ^:

Try:

awk '/^'"$CDATE"'/ {print $0; for (i=1;i<2;i++) {getline;print $0; } }' /var/log/sudo.log


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Belinda Dermody
Super Advisor

Re: My awking buddies.

Jim, you are right, I maintain HP and Sun systems, it works ok from the command line on the HP system but I get bail out on the Sun system runnning Solaris 10. My HP sudo logs are one liners so I have no problem with those sysems, it is the new Sun systems that were dropped in my lap..
Belinda Dermody
Super Advisor

Re: My awking buddies.

Ok Jim, if I use nawk on the Solaris system with your help I get the results, as always guys I knew you would be it to death and come up with the correct answer...
James R. Ferguson
Acclaimed Contributor

Re: My awking buddies.

Hi James:

OK. There is another syntax to pass external variable. It uses '-v'. Try this:

# awk -v CDATE1=${CDATE1} -v CDATE2=${CDATE2} '$1~CDATE1 && $2~CDATE2 {print $0; for (i=1;i<2;i++) {getline;print $0;}}' /var/log/sudo.log

Regards!

...JRF...

Belinda Dermody
Super Advisor

Re: My awking buddies.

Boy, I just read my closure, need a editor to verify what I wrote. Meant to say with all your help beating it to death we came up with the correct answer. I am not trying anything else, I have a stress headache already and if it works don't change it...