| 1 |
On Fri, 08 Jul 2005 00:54:46 +0200 |
| 2 |
Richard Fish wrote: |
| 3 |
|
| 4 |
> Michael Thompson wrote: |
| 5 |
> |
| 6 |
> >I am trying to extract information in my logs for a abuse department and am |
| 7 |
> >using the code: |
| 8 |
> > |
| 9 |
> >Code: |
| 10 |
> > |
| 11 |
> >zcat /var/log/messages.*?.gz | grep 212.56.68.108 >> /home/mike/abuse1 |
| 12 |
> > |
| 13 |
> >The logs are standard: messages.??.gz |
| 14 |
> > |
| 15 |
> >However, when I examine the output, it starts on the 1st may, however the logs |
| 16 |
> >contain details from the 25th Febuary. What am I doing wrong? |
| 17 |
> > |
| 18 |
> > |
| 19 |
> > |
| 20 |
> |
| 21 |
> Are you *sure* the February information is not there?? I think this |
| 22 |
> probably has nothing to do with the grep command, but more with the |
| 23 |
> shell expansion. When I do "ls -l /var/log/messages.*?.gz", I get the |
| 24 |
> following: |
| 25 |
> |
| 26 |
> -rw------- 1 root root 696588 Feb 21 09:00 /var/log/messages.1.gz |
| 27 |
> -rw------- 1 root root 795675 Feb 14 15:40 /var/log/messages.2.gz |
| 28 |
> -rw------- 1 root root 491964 Feb 6 19:00 /var/log/messages.3.gz |
| 29 |
> -rw------- 1 root root 482189 Jan 31 05:10 /var/log/messages.4.gz |
| 30 |
> |
| 31 |
> Notice that the dates are in reverse order. If I were to cat those |
| 32 |
> together, the oldest information would be at the end. I think you want: |
| 33 |
> |
| 34 |
> zcat `ls -rt /var/log/messages.*?.gz` | grep 212.56.68.108 >> |
| 35 |
> /home/mike/abuse1 |
| 36 |
|
| 37 |
|
| 38 |
another potential problem is that if you have 10 or more rotated log |
| 39 |
files you will get them in the order: |
| 40 |
|
| 41 |
/var/log/messages.1.gz |
| 42 |
/var/log/messages.10.gz |
| 43 |
/var/log/messages.2.gz |
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
> |
| 48 |
> -Richard |
| 49 |
> |
| 50 |
> -- |
| 51 |
> gentoo-user@g.o mailing list |
| 52 |
|
| 53 |
-- |
| 54 |
Nick Rout |
| 55 |
|
| 56 |
-- |
| 57 |
gentoo-user@g.o mailing list |
Archives