Log file analysis based on time range

UniBoy
Posts: 1
Joined: Tue 06 Oct 2009, 11:47

#1 Post by UniBoy »

I am a beginner in shell programming in Unix. My current problem is log file analysis based on a given time range for listed dates. The file is long and I need to sort IPs based on user input through the terminal. For example, starting from the end of the logfile, since it's sorted according to the date, I assume the last date should be converted to a timestamp (date +%s), then the value that the user inserts by using the switches -H (hours = h*3600) or -D (days = d*24*3600) subtracted from it, and then compared starting from the end of the log file to reach the desired result. Any help on this as an example would be appreciated:
Example: user inputs: -H 12
last date in logfile = last row in logfile = 22 Oct 2002 21:02:33 +0200
convert it to a timestamp by using: date -d "22 Oct 2002 21:02:33 +0200" +%s, then subtract:
timestamp - (12*3600) = X, which means the date that is 12 hours later, so you need all records from the end of the logfile till this date.
The format example of the log file for each line is as follows:
172.16.0.3 - - [31/Mar/2002:19:30:41 +0200] "GET / HTTP/1.1" 200 123 "" "Mozilla/5.0 (compatible; Konqueror/2.2.2-2; Linux)"
I have, however, managed to sort and group IPs without giving any range by using the uniq and sort tools, but doing it based on date and user switches is somewhat difficult to get past. A code sample or web link for further help to list IPs based on an "hours range input by user" in shell would be of great help.

amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#2 Post by amigo »

Convert and use 'unix time' to calculate differences. Unix time is the number of seconds that have elapsed since Jan 1 1970.
You can tell sort to sort by a certain column.
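
An added example, not part of either post above, of the approach the thread describes: convert each entry's timestamp to Unix time, treat the newest entry as the end of the window, and count hits per IP within the last N hours or days. The function names, the sample log and the pure-awk epoch conversion (used instead of date -d so that GNU date is not required) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Needs only POSIX sh, awk and sort.
# ips_in_window -H HOURS|-D DAYS LOGFILE
# Prints "hits ip" for entries inside the window ending at the newest entry.
ips_in_window() {
    case "$1" in -H) unit=3600 ;; -D) unit=86400 ;; *) return 2 ;; esac
    case "$2" in ''|*[!0-9]*) return 2 ;; esac   # whole numbers only
    # The file is named twice: pass 1 finds the newest time, pass 2 filters.
    awk -v span="$2" -v unit="$unit" '
    BEGIN {
        span *= unit
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    # "[31/Mar/2002:19:30:41" plus "+0200]" -> seconds since 1970-01-01 UTC
    function to_epoch(stamp, zone,    t, y, mo, era, yoe, doy, days, off) {
        if (split(substr(stamp, 2), t, "[/:]") != 6 || !(t[2] in mon)) return -1
        mo = mon[t[2]]; y = t[3] - (mo <= 2)
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (mo > 2 ? mo - 3 : mo + 9) + 2) / 5) + t[1] - 1
        days = era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
        off = substr(zone, 2, 2) * 3600 + substr(zone, 4, 2) * 60
        if (substr(zone, 1, 1) == "-") off = -off
        return days * 86400 + t[4] * 3600 + t[5] * 60 + t[6] - off
    }
    { ts = to_epoch($4, $5) }
    ts < 0 { next }                                  # no parsable timestamp
    NR == FNR { if (ts > newest) newest = ts; next }
    ts >= newest - span { hits[$1]++ }
    END { for (ip in hits) print hits[ip], ip }
    ' "$3" "$3" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log in the format quoted in the question (one bad line).
sample_log() {
    cat <<'EOF'
172.16.0.9 - - [30/Mar/2002:23:00:00 +0100] "GET / HTTP/1.1" 200 123 "" "Mozilla/5.0"
172.16.0.3 - - [31/Mar/2002:19:30:40 +0200] "GET / HTTP/1.1" 200 123 "" "Mozilla/5.0"
172.16.0.4 - - [31/Mar/2002:19:30:41 +0200] "GET / HTTP/1.1" 200 123 "" "Mozilla/5.0"
corrupted line
172.16.0.3 - - [31/Mar/2002:23:15:00 +0200] "GET /a HTTP/1.1" 200 99 "" "Mozilla/5.0"
172.16.0.5 - - [01/Apr/2002:03:00:00 +0000] "GET /b HTTP/1.1" 404 12 "" "Mozilla/5.0"
172.16.0.3 - - [01/Apr/2002:07:30:41 +0200] "GET / HTTP/1.1" 200 123 "" "Mozilla/5.0"
EOF
}

# Demo: the 12 hours leading up to the last entry of the sample.
tmp=$(mktemp); sample_log > "$tmp"; ips_in_window -H 12 "$tmp"; rm -f "$tmp"
```

Because the zone offset is applied per line, entries logged with different offsets compare correctly, and the entry exactly at the cutoff is included.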
