
Thread: show only 30 minutes of log file

  1. #1
    Join Date
    Jul 2010
    Beans
    85

    show only 30 minutes of log file

    Hi,

    I want to see only the last 30 minutes of a log file: discard previous logs and show only the latest 30 minutes of the log file. How could this be possible?

  2. #2
    Join Date
    Sep 2006
    Beans
    7,637
    Distro
    Lubuntu Development Release

    Re: show only 30 minutes of log file

    Which logs? The specific format probably matters. I'm guessing awk will figure in the answer.

  3. #3
    Join Date
    Feb 2007
    Location
    West Hills CA
    Beans
    8,587
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: show only 30 minutes of log file

    You can use the tail command to display the last n lines:

    Code:
    tail -100 /var/log/syslog

    I don't know of a clean way to do it by time. You would have to write a script that parses the file and picks out the end time and computes 30 minutes previous then display that point forwards. This would not be trivial because each log file has a slightly different format.

    An easier, but clumsy method would be to make a distinctive log entry (or the log that you are interested in) every 1/2 hour then use grep/sed/awk to find that mark and display the file from the last mark to the end. Set up the script in a cronjob to run every 1/2 hour to add the mark.

    For example, syslogd puts a mark every 20 minutes, just to show that a system is still alive and running:


    -m interval
    The syslogd logs a mark timestamp regularly. The default interval between two -- MARK -- lines is 20 minutes. This can be changed with this option.
    Setting the interval to zero turns it off entirely. Depending on other log messages generated these lines may not be written consecutively.


    In /var/log/messages:

    Oct 1 08:32:38 tpad-Gloria7 syslogd 1.5.0#5ubuntu3: restart.
    Oct 1 09:02:28 tpad-Gloria7 -- MARK --
    Oct 1 09:22:28 tpad-Gloria7 -- MARK --

    This is helpful if your name is Mark, otherwise it is less useful if your name is Tim, or Bob, or Jim.
    Last edited by tgalati4; October 1st, 2013 at 05:35 PM.
    -------------------------------------
    Oooh Shiny: PopularPages

    Unumquodque potest reparantur. Patientia sit virtus.

  4. #4
    Join Date
    Jul 2010
    Beans
    85

    Re: show only 30 minutes of log file

    Quote: Originally posted by tgalati4
    You can use the tail command to display the last n lines:

    Code:
    tail -100 /var/log/syslog

    I don't know of a clean way to do it by time. You would have to write a script that parses the file and picks out the end time and computes 30 minutes previous then display that point forwards. This would not be trivial because each log file has a slightly different format.

    I want to check /var/log/messages for only the last 30 minutes and want to discard the previous log. I also tried the command below, but no luck.

    Code:
    sed -n "/^$(date --date='30 minutes ago' '+%b %d %H:')\\|^$(date --date='0 minutes ago' '+%b %d %H:')/p" logfile
    Code:
    Oct  1 19:20:18 server1 kernel: [ 4187.150615] sd 6:0:0:0: [sdb] Assuming drive cache: write through
    Oct  1 19:21:10 server1 kernel: [ 4238.860148] sd 6:0:0:0: [sdb] Test WP failed, assume Write Enabled
    Oct  1 19:21:10 server1 kernel: [ 4238.862415] sd 6:0:0:0: [sdb] Asking for cache data failed
    Oct  1 19:21:10 server1 kernel: [ 4238.862421] sd 6:0:0:0: [sdb] Assuming drive cache: write through
    Oct  1 19:22:02 server1 kernel: [ 4290.572145] sd 6:0:0:0: [sdb] Test WP failed, assume Write Enabled
    Oct  1 19:22:02 server1 kernel: [ 4290.574250] sd 6:0:0:0: [sdb] Asking for cache data failed
    Oct  1 19:22:02 server1 kernel: [ 4290.574256] sd 6:0:0:0: [sdb] Assuming drive cache: write through
    Oct  1 19:22:54 server1 kernel: [ 4342.284094] sd 6:0:0:0: [sdb] Test WP failed, assume Write Enabled
    Oct  1 19:22:54 server1 kernel: [ 4342.286210] sd 6:0:0:0: [sdb] Asking for cache data failed
    Oct  1 19:22:54 server1 kernel: [ 4342.286216] sd 6:0:0:0: [sdb] Assuming drive cache: write through

  5. #5
    Join Date
    Sep 2006
    Beans
    7,637
    Distro
    Lubuntu Development Release

    Re: show only 30 minutes of log file

    Ok. Here's a guess at syslog.

    Code:
    awk -v date=$(date -d "30 minutes ago" +"%T") '$3 >= date { print $0 }' /var/log/syslog

    We use -v to set a variable in awk before we start based on the output of "date". From there it's just a simple comparison of the 3rd field/column.

  6. #6
    Join Date
    Jul 2010
    Beans
    85

    Re: show only 30 minutes of log file

    It is showing logs from 29 September till now.

  7. #7
    Join Date
    Sep 2006
    Beans
    7,637
    Distro
    Lubuntu Development Release

    Re: show only 30 minutes of log file

    It gets tricky as the time rolls over at midnight.

  8. #8
    Join Date
    Jul 2010
    Beans
    85

    Re: show only 30 minutes of log file

    What about the command below? Can you please advise? It is also not working.

    Code:
    sed -n "/^$(date --date='30 minutes ago' '+%b %d %H:')\\|^$(date --date='0 minutes ago' '+%b %d %H:')/p" /var/log/syslog
    Last edited by learnbash; October 1st, 2013 at 06:04 PM.

  9. #9
    Join Date
    Sep 2006
    Beans
    7,637
    Distro
    Lubuntu Development Release

    perl

    sed won't really do it, I think. It would have to be something more complex. I initially thought awk, but with the problem of the clock rolling over at midnight and syslog not using numeric months, the solution is probably a small perl script. The module Date::Calc does proper time differences.
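
Added example, not part of the original thread: one way to handle the two problems named above (midnight rollover and non-numeric months) in portable awk rather than the perl/Date::Calc route suggested. The function names `last_minutes` and `sample_log` and the sample lines are constructed for illustration; it assumes the traditional `Mon DD HH:MM:SS` syslog stamp in local time and ignores DST shifts.

```shell
# last_minutes MINUTES FILE [NOW]
# FILE may be "-" for stdin. NOW is "YYYY mm dd HH MM SS" (local time) and
# defaults to the current time; passing it makes runs reproducible.
last_minutes() {
    mins=$1; file=$2
    now=${3:-$(date '+%Y %m %d %H %M %S')}
    awk -v mins="$mins" -v now="$now" '
    # Days since 1970-01-01 for a civil date (Gregorian calendar).
    function days(y, m, d) {
        if (m <= 2) { y--; m += 12 }
        return 365*y + int(y/4) - int(y/100) + int(y/400) \
               + int((153*(m-3) + 2)/5) + d - 719469
    }
    function secs(y, m, d, H, M, S) {
        return days(y+0, m+0, d+0)*86400 + H*3600 + M*60 + S
    }
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", n, " ")
        for (i = 1; i <= 12; i++) mon[n[i]] = i
        split(now, t, " ")
        nowsec = secs(t[1], t[2], t[3], t[4], t[5], t[6])
        cutoff = nowsec - mins*60
    }
    # Timestamped line: decide whether it falls inside the window.
    ($1 in mon) && split($3, hms, ":") == 3 {
        ts = secs(t[1], mon[$1], $2, hms[1], hms[2], hms[3])
        # The stamp has no year: a date more than a day ahead of NOW
        # must belong to the previous year.
        if (ts > nowsec + 86400)
            ts = secs(t[1]-1, mon[$1], $2, hms[1], hms[2], hms[3])
        keep = (ts >= cutoff)
    }
    # Lines without a stamp inherit the decision of the line before them.
    keep' "$file"
}

# Constructed sample spanning a midnight and year boundary.
sample_log() {
    cat <<'EOF'
Sep 29 23:50:00 server1 kernel: old entry with a late clock time
Dec 31 23:39:59 server1 kernel: just outside the window
Dec 31 23:45:00 server1 kernel: before midnight
Jan  1 00:05:00 server1 kernel: after midnight
EOF
}
```

Typical use is `last_minutes 30 /var/log/syslog`. Comparing full date-times instead of only the `HH:MM:SS` field is what keeps the `Sep 29 23:50:00` line out of the result.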

  10. #10
    Join Date
    Jul 2010
    Beans
    85

    Re: show only 30 minutes of log file

    So can you help me with that @perl?
