Fast script to cut section of logfile based on timestamp

scripting log-files

I am looking for a fast script that will parse a large mail.log, and return the portion between two specified timestamps. I would like to run it on all of my mailservers, and have them copy the relevent log portions to a central location for further analysis.

I have written something in bash that works, but is slow.

Does anybody know of anything that already exists to accomplish this - or do I need to learn perl and make something up myself?

(I am not putting this on SO, as I am not yet at the point where I want to write any code - just looking for something somebody else is already using)


Solution 1:

I love awk :)

For my logs, which are in the format:

Jul 14 12:49:10 xxxxxx sendmail[31337]: ...........

I would use:

awk '$3 >= "12:00:00" && $3 <= "13:00:00" {print;}' < /var/log/maillog

Presumably you can adapt that as necessary, for instance if you don't split logs by day.

Bonus:

Apache format, which I happen to have kicking around:

xxx.xxx.xxx.xxx - - [01/Jul/2009:03:06:24 -0400] "GET /favicon.ico HTTP/1.1" 200 3638
awk '$4 >= "[01/Jul/2009:03:00:00" && $4 <= "[01/Jul/2009:04:00:00" {print;}' < access_log

Related

Website Recommendations [closed]
Trying to redirect a url to another page by IP range
Apache Server Performance Monitoring
sysadmin tutorials? [closed]
set the width of select2 input (through Angular-ui directive)
NSInvalidUnarchiveOperationException: Could not instantiate class named NSLayoutConstraint
MySQL Like multiple values
Detect click outside element
Android Studio - Android Emulator Wifi Connected with No Internet
jQuery/Javascript function to clear all the fields of a form [duplicate]
How to add an Android Studio project to GitHub [duplicate]
Find an object in array?