HPE Community
Operating System - HP-UX
1821587 Members
3389 Online
109633 Solutions
New Discussion юеВ

grep latest time messages from the syslog

 
Ho_5
Advisor

тАО11-09-2003 07:59 AM

тАО11-09-2003 07:59 AM

grep latest time messages from the syslog

Hi,

In the syslog there are several times "named restart" messages, but I want to grep the latest

time "named restart" messages from the syslog.
The question is how?? I want to grep the messages which starts with "starting (/etc/named.conf)" and end on Ready "to anwser queries"

e.g.
Nov 20 11:53:01 dns2 named[21345]: starting (/etc/named.conf). named 8.2.5-T1A
etc..etc..
etc..
etc..etc.
Nov 20 11:53:02 dns2 named[21346]: Ready to answer queries.

Regards,

John
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

тАО11-09-2003 08:28 AM

тАО11-09-2003 08:28 AM

Re: grep latest time messages from the syslog

tail 50 /var/adm/syslog/syslog.log
Last 50. You can run this through grep if there is anything you are looking for.l

tail 50 /var/adm/syslog/syslog.log | grep -i error


tail -f /var/adm/syslog/syslog.log

continuous stream as they happen. I keep this in a terminal window when I suspect a system is getting ready to make trouble.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Ho_5
Advisor

тАО11-09-2003 08:46 AM

тАО11-09-2003 08:46 AM

Re: grep latest time messages from the syslog

I don't want to use tail command.
Because I don't know where exactly it happenes.
I want to search throught the whole syslog to grep the latest "named restart".
not only one syntax/line, but all data from "starting..." to "Read"...y.

//john
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

тАО11-09-2003 11:56 AM

тАО11-09-2003 11:56 AM

Re: grep latest time messages from the syslog

Perl! If you spot a new begin, forget a prior text and start adding new text. If you spot an end, stop adding text. At the end, print text (if any).

hth,
Hein.


#!/usr/bin/perl
while (<>) {
if (/named\[\d+\]: start/) {
undef @x;
$go = 1;
}
push (@x, $_) if ($go);
$go = 0 if (/named\[\d+\]: Ready/);
}
print foreach (@x);

0 Kudos
Reply
Graham Cameron_1
Honored Contributor

тАО11-09-2003 07:30 PM

тАО11-09-2003 07:30 PM

Re: grep latest time messages from the syslog

I would use awk to capture the lines between your 2 strings, then print out the last captured set, like this:

awk '
BEGIN {linescaught=0}
$0 ~ /named/ && $0 ~ /starting/ { # Start of text
split ("", namedlines) # Empty the array
capturing = 1
linescaught = 0
}
(capturing > 0) {namedlines[++linescaught] = $0}
$0 ~ /named/ && $0 ~ /Ready/ { # End of text
capturing = 0
}
END { for (i=1;i<=linescaught;i++) print (namedlines[i]) }
' /var/adm/syslog/syslog.log

-- Graham
Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.