如何使用bash迭代我的日志文件的最后5分钟

时间:2014-11-06 13:07:58

标签: linux bash

我有大量的xferlog,我正在尝试解析它。我的日志文件是这样的:

Wed Nov  5 16:41:36 2014 1 10.8.0.6 0 /home/spy/16.41.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:42:07 2014 1 10.8.0.6 0 /home/spy/16.42.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:43:45 2014 1 10.8.0.6 0 /home/spy/16.43.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:44:34 2014 1 10.8.0.6 0 /home/spy/16.44.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:45:57 2014 1 10.8.0.6 0 /home/spy/16.45.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:46:52 2014 1 10.8.0.6 0 /home/spy/16.46.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:46:55 2014 1 10.8.0.6 0 /home/spy/16.46.2.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:47:23 2014 1 10.8.0.6 0 /home/spy/16.47.txt b _ i r spy ftp 0 * c

我的bash脚本读取日志文件(同时所有行)并执行某些操作。我需要在没有最后5分钟的日志文件中运行我的脚本(不是最后几行,因为我不知道有多少行)。

我该怎么办?

这样的Bash脚本:

 #!/bin/bash

 while read -r ...
 do
 ... 
 done < $LOG

我的第二个问题,我怎样才能传递最后5分钟间隔的行:

日志:

Wed Nov  5 16:41:36 2014 1 10.8.0.6 0 /home/spy/16.41.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:42:07 2014 1 10.8.0.6 0 /home/spy/16.42.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:43:45 2014 1 10.8.0.6 0 /home/spy/16.43.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:44:34 2014 1 10.8.0.6 0 /home/spy/16.44.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:44:59 2014 1 10.8.0.6 0 /home/spy/16.44.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:45:00 2014 1 10.8.0.6 0 /home/spy/16.45.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:46:52 2014 1 10.8.0.6 0 /home/spy/16.46.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:46:55 2014 1 10.8.0.6 0 /home/spy/16.46.2.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:47:23 2014 1 10.8.0.6 0 /home/spy/16.47.txt b _ i r spy ftp 0 * c

最后一行16:47:23。我需要通过16:45:00-16:49:59线。我需要打印:

Wed Nov  5 16:41:36 2014 1 10.8.0.6 0 /home/spy/16.41.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:42:07 2014 1 10.8.0.6 0 /home/spy/16.42.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:43:45 2014 1 10.8.0.6 0 /home/spy/16.43.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:44:34 2014 1 10.8.0.6 0 /home/spy/16.44.txt b _ i r spy ftp 0 * c
Wed Nov  5 16:44:59 2014 1 10.8.0.6 0 /home/spy/16.44.txt b _ i r spy ftp 0 * c

所以当我有这样的新行:

Wed Nov  5 16:50:00 2014 1 10.8.0.6 0 /home/spy/16.50.txt b _ i r spy ftp 0 * c

我需要通过16:50:00-16:54:59。

1 个答案:

答案 0 :(得分:2)

由于您说您的文件非常大,因此您不希望为每一行解析并调用date,这将非常慢。这使得使用具有日期解析功能的语言解析文件。这是一些perl:

perl -MTime::Piece -MTime::Seconds -Mautodie -e '
    sub entry_time {
        Time::Piece->strptime(substr(shift, 0, 24),"%a %b %e %T %Y");
    }

    $filename = shift;
    $last_line = qx{ tail -n1 $file };
    $last_time = entry_time $last_line;
    $five_minutes_ago = $last_time - 5*ONE_MINUTE;

    open $fh, "<", $filename;
    while (<$fh>) {
        $time = entry_time $_;
        last if $time > $five_minutes_ago;
        print;
    }
    close $fh;
' xferlog

使用bash 

entry_time() {
    date -d "$(cut -c 1-24 <<< "$1")" +%s
}

LOG=xferlog
cutoff=$(( $(entry_time "$(tail -n1 "$LOG")") - 5*60 ))

while IFS= read -r line; do
    t=$(entry_time "$line")
    (( t > cutoff )) && break
    echo "$line"
done < "$LOG"
相关问题
最新问题