Retrieve logs which were logged in last 5 min

June 16, 2011 at 03:30:24
Specs: sun os 5.10
HI,
I have a log file into which two types of entries get logged. INFO logs get appended at every 5 mins interval and ERROR logs which can be appended at any time. Below is the sample of Log file......


2011-06-16 03:10:56 INFO XXX
2011-06-16 03:10:56 INFO xxx
2011-06-16 03:12:56 ERROR xxx
2011-06-16 03:15:56 INFO xxx
2011-06-16 03:15:56 INFO xxx

I have cron job which will run a script every 5 mins. The job of the script is to retrieve the logs of the last 5 mins, check if there is any error log and send an alert mail. Can anyone suggest me how to retrieve logs of last 5 mins.
Note: If the job runs at say 03:16:00 then it should look for logs later than 03:11:00 even though there is no guaruntee that the logs will contain a record with time stamp 03:11:00


See More: Retrieve logs which were logged in last 5 min

Report •

#1
June 16, 2011 at 14:00:31
Your time is already close to the right format for building a year to minute datetime which will allow you to compare. I leave it to you to implement what happens when subtracting 5 minutes sends you into the prior hour, day, month, or year:

#!/bin/ksh

# cd <to your directory
sd=$(date  +'%Y%m%d%H%M')
# test system time
# sd=201106160316

# subtract 5 minutes
((sd=sd-5))

while read line
do
   set -- $(echo $line)
   if [ $# -eq 0 ]
   then
      continue # no blank lines in log file
   fi

   if [ $3 = "ERROR" ]
   then
      mydate=$(echo $1|sed 's/-//g')
      set -- $(IFS=":"; echo $2)
      # build the error datetime
      dt="${mydate}${1}${2}"
      # if the error time is within the window
      if [ $dt -gt $sd ]
      then
         # mail alert
          echo "$line"
      fi
   fi
done < data.txt
exit

# end script

Let me know if you have any questions.


Report •
Related Solutions


Ask Question