HPE Community
Operating System - Linux
1825811 Members
2468 Online
109688 Solutions
New Discussion

My awking buddies.

 
SOLVED
Go to solution
Belinda Dermody
Super Advisor

‎11-10-2005 06:33 AM

‎11-10-2005 06:33 AM

My awking buddies.

I am trying to use the current MM DD variable with a awk command within a script, extracting current days sudo usage, each entry is two lines.

I get the following to work but the date is hard coded.
awk '/Nov 10/ {print $0; for (i=1;i<2;i++) {getline;print $0; } }' /var/log/sudo.log

I want to set the date for each run with the CDATE=`date "+%b %d"` and beable to use the $CDATE instead of Nov 10 as above.
0 Kudos
14 REPLIES 14
Geoff Wild
Honored Contributor

‎11-10-2005 06:44 AM

‎11-10-2005 06:44 AM

Re: My awking buddies.

Try:

awk '/'"$CDATE"'/ {print $0; for (i=1;i<2;i++) {getline;print $0; } }' /var/log/sudo.log


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Rick Garland
Honored Contributor

‎11-10-2005 06:55 AM

‎11-10-2005 06:55 AM

Solution

Re: My awking buddies.

Here is a script that I wrote a few years ago. I believe it is doing what you want.
Modify for your use and preferences.

Note; Later versions of the sudo.log have a different layout of the file. The result is that this script will pull values that are no longer in this position.

0 Kudos
Belinda Dermody
Super Advisor

‎11-10-2005 07:10 AM

‎11-10-2005 07:10 AM

Re: My awking buddies.

Geoff I have already tried that, the preceeding ' nullifies all the special characters so the $ is not translated..
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎11-10-2005 07:16 AM

‎11-10-2005 07:16 AM

Re: My awking buddies.

James:

One way:

# CDATE1=`date +%b`
# CDATE2=`date +%d`
# awk $1~CDATE1 && $2~CDATE2 {print $0;for (i=1;i<2;i++) {getline;print $0;}}' CDATE1=${CDATE1} CDATE2=${CDATE2} /var/log/sudo.log

You will need to change $1 and $2 to match the actual field numbers in you record.

Regards!

...JRF...
0 Kudos
Belinda Dermody
Super Advisor

‎11-10-2005 07:39 AM

‎11-10-2005 07:39 AM

Re: My awking buddies.

Jim, good to hear from you again, I get the good ole bail out in awk using your suggestion. See the attached word doc...
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎11-10-2005 07:43 AM

‎11-10-2005 07:43 AM

Re: My awking buddies.

Hi (again) James:

Sorry, looks like I transposed a "'". Try:

# awk '$1~CDATE1 && $2~CDATE2 {print $0; for (i=1;i<2;i++) {getline;print $0;}}' CDATE1=${CDATE1} CDATE2=${CDATE2} /var/log/sudo.log

Regards!

...JRF...
0 Kudos
Sandman!
Honored Contributor

‎11-10-2005 07:47 AM

‎11-10-2005 07:47 AM

Re: My awking buddies.

How about...

# CDATE=`date "+%b %d"`

# awk '$0 ~ cdt {print $0;for(i=1;i<2;i++) {getline;print $0}}' cdt="$CDATE" /var/log/sudo.log

cheers!
0 Kudos
Belinda Dermody
Super Advisor

‎11-10-2005 08:03 AM

‎11-10-2005 08:03 AM

Re: My awking buddies.

Still getting bailouts
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎11-10-2005 08:16 AM

‎11-10-2005 08:16 AM

Re: My awking buddies.

Hi James:

My second post seems to work in my hands if I cut-and-paste from this site. Are you still getting syntax errors? No points if "yes" and/or at your discretion.

Regards!

...JRF...
0 Kudos
Geoff Wild
Honored Contributor

‎11-10-2005 08:23 AM

‎11-10-2005 08:23 AM

Re: My awking buddies.

What about adding the carrot ^:

Try:

awk '/^'"$CDATE"'/ {print $0; for (i=1;i<2;i++) {getline;print $0; } }' /var/log/sudo.log


Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Belinda Dermody
Super Advisor

‎11-10-2005 08:24 AM

‎11-10-2005 08:24 AM

Re: My awking buddies.

Jim, you are right, I maintain HP and Sun systems, it works ok from the command line on the HP system but I get bail out on the Sun system runnning Solaris 10. My HP sudo logs are one liners so I have no problem with those sysems, it is the new Sun systems that were dropped in my lap..
0 Kudos
Belinda Dermody
Super Advisor

‎11-10-2005 08:31 AM

‎11-10-2005 08:31 AM

Re: My awking buddies.

Ok Jim, if I use nawk on the Solaris system with your help I get the results, as always guys I knew you would be it to death and come up with the correct answer...
0 Kudos
James R. Ferguson
Acclaimed Contributor

‎11-10-2005 08:32 AM

‎11-10-2005 08:32 AM

Re: My awking buddies.

Hi James:

OK. There is another syntax to pass external variable. It uses '-v'. Try this:

# awk -v CDATE1=${CDATE1} -v CDATE2=${CDATE2} '$1~CDATE1 && $2~CDATE2 {print $0; for (i=1;i<2;i++) {getline;print $0;}}' /var/log/sudo.log

Regards!

...JRF...

0 Kudos
Belinda Dermody
Super Advisor

‎11-10-2005 08:38 AM

‎11-10-2005 08:38 AM

Re: My awking buddies.

Boy, I just read my closure, need a editor to verify what I wrote. Meant to say with all your help beating it to death we came up with the correct answer. I am not trying anything else, I have a stress headache already and if it works don't change it...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.