OK, it seems that I'm trying to create a script in AWK that basically looks for two fields in a user log file, but here's the catch: both of the matching fields have to be before a given date.

joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 26 09:23 - 12:52 (03:29)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 26 00:21 - 00:42 (00:20)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 25 21:15 - 23:12 (01:57)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 24 23:14 - 23:19 (00:04)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 24 23:10 - 23:14 (00:04)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 23 18:55 - 00:33 (05:38)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 23 18:04 - 18:53 (00:48)
joel pts/0 10.52.0.76 Jan 20 11:25 - 17:40 (06:15)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 19 22:25 - 23:19 (00:53)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 18 23:21 - 23:24 (00:03)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 18 22:50 - 22:56 (00:05)
joel pts/0 10.52.0.76 Jan 18 17:01 - 17:23 (00:22)
joele pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 09 23:02 - 23:08 (00:06)
joel pts/0 static-70-18-11-174.ny325.east.verizon.net Jan 09 22:32 - 22:46 (00:14)

As you can see, with the magic of piping the log file with cat through Grep and fishing out the two required fields: "joel" and "pts/0", I narrowed down the instances of them. However, as I stated before, I need to get the last five instances a.k.a. every entry before January 19. The problem is my syntax. You could say that I'm Unix illiterate at this point and only managed to slightly grasp the norms of this OS. Here's what I managed to start off with:

/joel pts"\/"0/{print}

As you can see, this gives me an parse error since I don't know how to find two fields within each line and print that line with both fields in one search. Also, I really don't understand the logic in finding data with a condition, as in this case, all entries of both fields before January 19. What would I have to write so that I limit the lines of data that contain those two fields before the given date? I hope I can get help on this, I would really appreciate it.

I shutter when I read "cat piped into grep" which ranks as one of the more superfluous things I have to read about (or see) in a shell script. A simple script (with no error checking) is outlined below. I put your data into the file named junk.049.data. Nothing personal, just my way of organizing scripts I post in my never ending endeavor to assist neophyte shell script writers. There are a couple of good perl, sed and awk people here. Perhaps they can post a little different solution.

#!/bin/ksh

typeset -Z2 Month MONTH
integer day DATE

print "Enter the numeric cutoff month you are looking for: \c"
read MONTH
print "Enter the numeric cutoff date you are looking for: \c"
read DATE

exec 3< ./junk.049.data

while read -u3 name tty ip month day junk
do

case $month in

Jan ) Month=01
;;
Feb ) Month=01
;;
Mar ) Month=03
;;
Apr ) Month=04
;;
May ) Month=05
;;
Jun ) Month=06
;;
Jul ) Month=07
;;
Aug ) Month=08
;;
Sep ) Month=09
;;
Oct ) Month=10
;;
Nov ) Month=11
;;
Dec ) Month=12
;;
esac

if [[ $Month -lt $MONTH ]]
then
print $name $tty $month $day
elif [ $Month -eq $MONTH -a $day -lt $DATE ]
then
print $name $tty $month $day
fi

done

This is probably my last posting in this news group. Even though I've been doing this a long time (script writing), I've constantly learned a lot from Jim, Nails, William and a lot of other people. However, I've noticed that lately, this group has become a surrogate for many alleged System Administrators. A lot of them are on non-immigrant visas working in this country because of their so called "scarce skills". You can draw your own conclusions regarding how I feel about that.

Thanks for replying. From what I'm seeing, it seems that the code does a good job at incorporating the condition. However, I don't see the two necessary fields in the search, or it could also be that as I said before, I'm a shell script newbie, so I haven't even learned Korn Shell Script so I can make the necessary changes. I mean in AWK, I managed to get it printing out every line that contained "joel", but when I feverishly tried to add the second field, "pts/0", that's when the problems began, as in not spitting out results at all and the usual parse errors that came with it. I think that's where I'm lagging right now: trying to search for lines containing multiple fields, handling fields with special characters such as the "/" in "pts/0", and finally, establishing a condition (i.e.: every line containing the two search fields before Jan. 19) so that I only get a specific type of lines containing multiple fields. I guess what I'm trying to say is: "Any other takers?"