HPE Community
Operating System - HP-UX
1834804 Members
2332 Online
110070 Solutions
New Discussion

Re: Syslog.log reporting

 
SOLVED
Go to solution
YLTan
Frequent Advisor

‎04-12-2003 09:50 PM

‎04-12-2003 09:50 PM

Syslog.log reporting


I need to write a shell scripts to do reporting on those all events that happen yesterday and logged in syslog.log file. I also need to include in the scripts an exclusion list for those events that I am not interested on. Can someone advice on a workable shell scripting techniuqes other than using grep -v which is going to be a lot when it come to exclusion.

I have to use shell script and not Perl or any other lang.
tyl
0 Kudos
Reply
4 REPLIES 4
Michael Tully
Honored Contributor

‎04-12-2003 11:33 PM

‎04-12-2003 11:33 PM

Solution

Re: Syslog.log reporting

Have a look in this posting. There is a syslog script there, you may be able to adapt to your needs.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x836cc1c4ceddd61190050090279cd0f9,00.html
Anyone for a Mutiny ?
Reply
Bill Douglass
Esteemed Contributor

‎04-13-2003 08:18 PM

‎04-13-2003 08:18 PM

Re: Syslog.log reporting

ACtually, grep syntax is not that hard to handle. You can put your grep expressions together with multiple "-e" options, and store them in a shell variable to make maintenance easier. For example, to weed out normal noise from syslog.log on our host, I can run

#!/bin/sh
FILE="/var/adm/syslog/syslog.log"
EXP="-e registrar -e ftp -e telnet -e omni -e ident"
grep -v $EXP $FILE > /var/adm/syslog/syslog-filtered.log

You can also pipe a grep looking for a specific date:

DATE=`date %b %e`
grep "$DATE" /var/adm/syslog/syslog.log


If you havethe space, you can keep a copy of your syslog.log file from each run, and just grep the diff of the old and current files:


diff /var/adm/syslog/syslog.log /var/adm/syslog/oldsyslog.log > /tmp/syslog.diff

grep -v $EXP /tmp/syslog.diff


You can install the GNU shell utilities from
http://hpux.connect.org.uk/hppd/hpux/Gnu/sh_utils-2.0/

This package includes the GNU date command, which allows you to specify the date you want to display, instead of just the curretn date and time. This makes it easier to search for date strings from 24 hours ago.

I hope this is some help. Please follow-up if you have more specific questions.
0 Kudos
Reply
Tim Sanko
Trusted Contributor

‎04-15-2003 05:11 AM

‎04-15-2003 05:11 AM

Re: Syslog.log reporting

I would use egrep 'string1|string2|string3|string4' syslog.log | grep -v

Then I would sort by unique or count them or whatever is appropriate.

Tim
0 Kudos
Reply
Steve Steel
Honored Contributor

‎04-15-2003 05:52 AM

‎04-15-2003 05:52 AM

Re: Syslog.log reporting

Hi

try

for field in "last message" DTSESSION
do
grep "$field" /var/adm/syslog/syslog.log
done|sort


replace list of fields with the ones you want

only extract needed and no -v


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.