我尝试在2月份使用冒号从syslog中找到定义日期的错误。但是grep在所有情况下都没有运气:
%grep "18:18:25" /var/log/messages # I need Feb %grep "*:18:25" /var/log/messages # I need Feb %grep "^*:18:25" /var/log/messages # I need Feb %grep "^.*:18:25" /var/log/messages # I need Feb %grep -e "^.*18:18:25" /var/log/messages # I need Feb %grep -e "^.18:18:25" /var/log/messages # I need Feb %grep -e "^18:18:25" /var/log/messages # I need Feb %grep -e "^Feb.18:18:25" /var/log/messages %grep -e "^Feb.:18:25" /var/log/messages %grep -e "^Feb.*:18:25" /var/log/messages
可能存在更多的健全计划吗?
答案 0 :(得分:0)
尝试了我的本地日志,它的工作原理。以下是消息日志
**[root@applekm ~]# cat /var/log/messages**
Feb 9 03:40:04 applekm kernel: imklog 4.6.2, log source = /proc/kmsg started.
Feb 9 03:40:04 applekm rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="2077" x-info="http://www.rsyslog.com"] (re)start
Feb 9 03:40:24 applekm rhsmd: This system is registered to RHN Classic
Feb 10 03:10:03 applekm rhsmd: This system is registered to RHN Classic
Feb 11 03:14:28 applekm rhsmd: This system is registered to RHN Classic
Feb 11 11:59:28 applekm abrt[31046]: saved core dump of pid 31032 (/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java) to /var/spool/abrt/ccpp-2014-02-11-11:59:27-31032.new/coredump (590483456 bytes)
Feb 11 11:59:28 applekm abrt[31046]: /var/spool/abrt is 1738308913 bytes (more than 1279 MB), deleting 'ccpp-2014-01-07-20:49:05-7481'
Feb 12 03:49:07 applekm rhsmd: This system is registered to RHN Classic
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 03:44:47 applekm rhsmd: This system is registered to RHN Classic
Feb 13 12:10:01 applekm auditd[2050]: Audit daemon rotating log files
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 14 03:14:18 applekm rhsmd: This system is registered to RHN Classic
使用grep本身,寻找一个模式/ ^ Feb Date /(即)从2月开始的行,空格和所需日期以及一个空格。
[root@applekm ~]# grep "^Feb 13 " /var/log/messages
Feb 13 03:44:47 applekm rhsmd: This system is registered to RHN Classic
Feb 13 12:10:01 applekm auditd[2050]: Audit daemon rotating log files
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
[root@applekm ~]#
[root@applekm ~]#
[root@applekm ~]# grep "^Feb 14 " /var/log/messages
Feb 14 03:14:18 applekm rhsmd: This system is registered to RHN Classic
[root@applekm ~]#