Hi I am trying to write a script to check the log files for the trancactions based on usr input date and user input user id. I will take the user input userid and user input date and check there are any creation deletion happened, if so mail it other wise say no transactions; I got user input date and the log files, i am at user input date, not sure how to take both date and userid to check the log file the logfiles are located in /export/home/$ENV/audit/audit4567 audit4567 can be opened with vi, cat or more has lines like: 2005-03-23 16:00:55 SYNIFSSS006003I1 49219 Provisioning Transaction Created by dc6728(USER ID) 2005-03-23 16:00:56 SYNIFSSS006070I1 49219 Provisioning Transaction Description: Provisioning by cd6728: Create, classname=SI VXVPNAccessPath, name=Site 2005-03-23 16:00:56 SYNIFSSS006006I1 49219 Provisioning Transaction Opened by cd6728 2005-03-23 16:00:56 SYNIFSSS126003I1 49219 Provisioning Transaction 49219 processing with pid 3538 in /netprov/env7/server/lo g/output/2005-03-22.13:02:42/SYCCSServer_3538.0 2005-03-23 16:01:00 SYNIFSSS006011I1 49219 VPN Access Path: VPN Access Path Created by cd6728 2005-03-23 16:01:01 SYNIFSSS006011I1 49219 Endpoint: Endpoint Created by cd6728 2005-03-23 16:01:01 SYNIFSSS006011I1 49219 IP over ATM Interface: / SBCIS / GSR10 / ATM7/3.10 Created by cd6728 2005-03-23 16:01:02 SYNIFSSS006011I1 49219 ATM: ATM Created by cd6728 I need to take userinput date to match this date and userid to match the userid here and check for the key words like create,modify,update or delete and send an e-mail Thanks, Gundu

As confusing as it sounded at first, it seems like this should be pretty easy. I am assuming that each entry above is on its own line, with the date as the first string. I am also assuming you are looking for entries that have both the date and the username specified on the line. ##Your script would take two inputs read date read userid ##Then you search grep $date audit4567 | grep -i $userid Explanation of above line. The first grep will look for the date (make sure you specify format so it searches properly). The results of the first grep will then be used to search for the userID. That should be enough to get you started. Tinker with that and post any more problems/questions you may have. Also if my assumptions are incorrect, please post that as well.

Thanks, it is working, now i should try for some key words like success, delete and upload in the log file. Thanks, Gundu

I am tryin for keyword Created with the grep tried this but didn't work if [ `grep $xxx|Created files | grep -i $UserId` -gt 0 ]; then Mail ****@***.com else echo Wrong User id fi I need help with grep on multiple fields Thanks, Gundu

use "grep -c pattern" if you want an integer returned that you can compare to 0.

grep doesn't allow for multiple fields. Check egrep instead of grep if you want to use grep on multiple fields.