| 1 |
Michael Thompson wrote: |
| 2 |
|
| 3 |
>I am trying to extract information in my logs for a abuse department and am |
| 4 |
>using the code: |
| 5 |
> |
| 6 |
>Code: |
| 7 |
> |
| 8 |
>zcat /var/log/messages.*?.gz | grep 212.56.68.108 >> /home/mike/abuse1 |
| 9 |
> |
| 10 |
>The logs are standard: messages.??.gz |
| 11 |
> |
| 12 |
>However, when I examine the output, it starts on the 1st may, however the logs |
| 13 |
>contain details from the 25th Febuary. What am I doing wrong? |
| 14 |
> |
| 15 |
> |
| 16 |
> |
| 17 |
|
| 18 |
Are you *sure* the February information is not there?? I think this |
| 19 |
probably has nothing to do with the grep command, but more with the |
| 20 |
shell expansion. When I do "ls -l /var/log/messages.*?.gz", I get the |
| 21 |
following: |
| 22 |
|
| 23 |
-rw------- 1 root root 696588 Feb 21 09:00 /var/log/messages.1.gz |
| 24 |
-rw------- 1 root root 795675 Feb 14 15:40 /var/log/messages.2.gz |
| 25 |
-rw------- 1 root root 491964 Feb 6 19:00 /var/log/messages.3.gz |
| 26 |
-rw------- 1 root root 482189 Jan 31 05:10 /var/log/messages.4.gz |
| 27 |
|
| 28 |
Notice that the dates are in reverse order. If I were to cat those |
| 29 |
together, the oldest information would be at the end. I think you want: |
| 30 |
|
| 31 |
zcat `ls -rt /var/log/messages.*?.gz` | grep 212.56.68.108 >> |
| 32 |
/home/mike/abuse1 |
| 33 |
|
| 34 |
-Richard |
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-user@g.o mailing list |
Archives