
I want to display logs for the last 24 hours

I tried this, but it is not the best or a dynamic way.

utmpdump /var/log/wtmp* | awk '/2022-09-22/, /2022-09-23/'

Is there any other way to display them, so that when you run the script it takes the last 24 hours?

log file

[8] [528314] [    ] [        ] [pts/1       ] [                    ] [0.0.0.0        ] [2022-09-18T18:44:12,422480+00:00]
[8] [476233] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-18T19:25:11,585556+00:00]
[7] [544366] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T04:59:51,304439+00:00]
[8] [544366] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T04:59:51,517787+00:00]
[7] [544366] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T04:59:54,121598+00:00]
[8] [544366] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T04:59:54,361475+00:00]
[7] [544366] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T04:59:56,613335+00:00]
[8] [544366] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T04:59:56,810335+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:33,299161+00:00]
[8] [544822] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T05:01:33,572603+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:33,897001+00:00]
[8] [544822] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T05:01:34,152397+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:34,438247+00:00]
[8] [544822] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T05:01:34,696364+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:34,978371+00:00

3 Answers


  1. Not necessarily exactly 24 hours (but your question also only filters for yesterday and today, regardless of the current hour), but perhaps you are looking for command substitution to substitute yesterday’s and today’s date?

    utmpdump /var/log/wtmp* | awk "/$(date -I -dyesterday)/,/$(date -I)/"
    
  2. With your shown samples, please try the following awk code. I am using the GNU date flavor here. Also, this code will print from yesterday’s date until today’s date (ALL logs, because if you simply put the range /a/,/b/ then it will catch b’s 1st occurrence only, but this code will print all lines of today’s date).

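    awk -v yesterdayDate="$(date -d '-1 day' '+%Y-%m-%d')" -v todaysDate="$(date +%Y-%m-%d)" '
    # Range: from the first line with yesterday’s date to the first line with today’s date.
    index($0,yesterdayDate),index($0,todaysDate){
      print
      if(index($0,todaysDate)){
        found=1
      }
      next   # already printed; stops the rule below from printing this line a second time
    }
    # Once the range has closed, print every remaining line with today’s date.
    index($0,todaysDate) && found
    '  Input_file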
    
  3. GNU AWK has functions for working with time: mktime turns a string compliant with the format

    YYYY MM DD HH MM SS
    

    into the number of seconds since the epoch, and systime gives the number of seconds since the epoch now. Your format might be easily reworked into mktime’s one. Consider the following simple example: let the file.txt content be

    [stuff] [2022-09-18T18:44:12,422480+00:00]
    [anotherstuff] [2022-09-18T19:25:11,585556+00:00]
    [yetanotherstuff] [2022-09-19T04:59:51,304439+00:00]
    

    then

    awk '{gsub(/[-T:]/," ",$NF);s=mktime(substr($NF,2,19));print s}' file.txt
    

    gives output

    1663519452
    1663521911
    1663556391
    

    which might easily be used to select: just take the elements for which the found value is bigger than or equal to systime() minus 86400 (24 hours expressed in seconds)

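A rolling 24-hour filter that compares each record's timestamp against a computed cutoff, so it still works when no record exists for yesterday. This is an added example, not code from any of the answers above; the function names are hypothetical, and it assumes GNU date and that every record carries a +00:00 offset as in the question's sample (records with another offset are reported rather than compared).

```shell
#!/bin/sh
# Added example: rolling 24-hour filter for `utmpdump` output.
# Assumption: each record ends in an ISO 8601 timestamp with a +00:00 offset
# (as in the question's sample), so timestamps compare correctly as strings.

# Cutoff = now minus 24 hours in UTC, in the log's layout (needs GNU date).
cutoff_24h() {
    date -u -d '24 hours ago' '+%Y-%m-%dT%H:%M:%S'
}

# Print records stamped at or after the cutoff passed as $1.
# Records without a trailing timestamp, or with a non-UTC offset, are not
# compared; they are counted and reported on stderr instead of being guessed.
since_cutoff() {
    awk -v cutoff="$1" '
    match($0, /[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9],[0-9]+[+-][0-9][0-9]:[0-9][0-9]\]? *$/) {
        stamp = substr($0, RSTART, RLENGTH)
        if (stamp !~ /\+00:00\]? *$/) { skipped++; next }
        if (substr(stamp, 1, 19) >= cutoff) print
        next
    }
    { skipped++ }
    END { if (skipped) printf "skipped %d unparsed record(s)\n", skipped > "/dev/stderr" }
    '
}

# Constructed sample records in the question's format (documentation IP range).
sample_records() {
    cat <<'EOF'
[8] [528314] [    ] [        ] [pts/1       ] [                    ] [0.0.0.0        ] [2022-09-18T18:44:12,422480+00:00]
[7] [544366] [ts/0] [centos  ] [pts/0       ] [192.0.2.10          ] [192.0.2.10     ] [2022-09-19T04:59:56,613335+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [192.0.2.10          ] [192.0.2.10     ] [2022-09-19T05:01:33,299161+00:00]
[8] [544822] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T05:01:34,696364+00:00
[7] [544900] [ts/0] [centos  ] [pts/0       ] [192.0.2.10          ] [192.0.2.10     ] [2022-09-19T09:00:00,000000+02:00]
EOF
}

# Live use:  utmpdump /var/log/wtmp | since_cutoff "$(cutoff_24h)"
```

When reviewing login records, treat a non-zero "skipped" count as a prompt to inspect those lines by hand rather than as noise.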