Posted: Tue 06 Oct 2009, 08:00
Post subject: Log file analysis based on time range
I am a beginner in shell programming in Unix. My current problem is log file analysis based on a given time range for listed dates. The file is a long file and I need to sort IPs based on a user input through terminal. For example, from the end of the logfile since it's sorted according to the date then I assume it should be converted e.g. the last date (date+%s) to timestamp and then subtract the value that user inserts by using switches -H(hours = h*3600 ) or -D(day = d*24*3600 ) and then compare by starting from the end of log file to reach the desired result. Any help on this as an example would be appreciated:
Example: user inputs: -H 12
last date in logfile = last row in logfile = 22 Oct 2002 21:02:33 +0200
convert it by using: date -d "22 Oct 2002 21:02:33 +0200" +%s subtract using to timestamp
timestamp - (12*3600) = X, means the date which is 12 hours later so you need all records from the end of logfile till this date.
The format example of the log file for each line is as follows:
172.16.0.3 - - [31/Mar/2002:19:30:41 +0200] "GET / HTTP/1.1" 200 123 "" "Mozilla/5.0 (compatible; Konqueror/2.2.2-2; Linux)"
I have, however, managed to sort and group IPs without giving any range using the uniq and sort tools, but doing it based on date and user switches is somewhat difficult to get over with. A code sample or weblink for further help to list IPs based on an "hours range input by user" in shell would be of great help.
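One way to do what the post describes, as an added example that is not from the original thread: take the timestamp of the last line as the reference point, subtract the user's -H or -D value converted to seconds, then walk the file from the end with tac and stop at the first line that is older than that cutoff (the file is sorted by time, so only the lines inside the window are ever converted). The function names (log_epoch, ips_in_window), the sample log lines and the use of a temporary file are my own; the example assumes GNU coreutils (date -d with a "+0200" offset, tac), as the post's own date -d command does.

```shell
#!/bin/sh
# Constructed sample log in the same combined format as the post's example line
# (these six lines are made up for this example, not taken from any real server).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
172.16.0.3 - - [20/Oct/2002:08:15:02 +0200] "GET / HTTP/1.1" 200 123 "" "Mozilla/5.0"
10.0.0.7 - - [21/Oct/2002:23:59:59 +0200] "GET /a HTTP/1.1" 200 10 "" "curl/7.0"
172.16.0.3 - - [22/Oct/2002:09:30:00 +0200] "GET /b HTTP/1.1" 404 0 "" "Mozilla/5.0"
10.0.0.7 - - [22/Oct/2002:15:00:00 +0200] "GET /c HTTP/1.1" 200 55 "" "curl/7.0"
192.168.1.9 - - [22/Oct/2002:20:45:10 +0200] "GET /d HTTP/1.1" 200 77 "" "Mozilla/5.0"
10.0.0.7 - - [22/Oct/2002:21:02:33 +0200] "GET /e HTTP/1.1" 200 12 "" "curl/7.0"
EOF

# log_epoch LINE
#   Prints the timestamp of one log line as seconds since the epoch.
#   "[22/Oct/2002:21:02:33 +0200]" is rewritten to "22 Oct 2002 21:02:33 +0200",
#   which GNU date -d accepts (assumption: GNU coreutils). Returns non-zero
#   for a line whose timestamp field does not match the expected layout.
log_epoch() {
    ts=$(printf '%s\n' "$1" | sed -E \
        's#^[^[]*\[([0-9]{2})/([A-Za-z]{3})/([0-9]{4}):([0-9:]{8}) ([-+][0-9]{4})\].*$#\1 \2 \3 \4 \5#')
    # If sed did not match, ts still holds the whole line and date -d fails.
    date -d "$ts" +%s 2>/dev/null
}

# ips_in_window FILE -H|-D N
#   Lists "count ip" for every request whose timestamp is within N hours (-H)
#   or N days (-D) before the last line of FILE, most frequent IP first.
#   A line exactly on the cutoff is included.
ips_in_window() {
    file=$1; unit=$2; n=$3
    case $n in
        ''|*[!0-9]*) echo "ips_in_window: N must be a whole number" >&2; return 2 ;;
    esac
    case $unit in
        -H) span=$((n * 3600)) ;;
        -D) span=$((n * 86400)) ;;
        *)  echo "usage: ips_in_window FILE -H|-D N" >&2; return 2 ;;
    esac
    last_epoch=$(log_epoch "$(tail -n 1 "$file")") || return 1
    cutoff=$((last_epoch - span))
    # Walk from the end; the log is sorted by time, so the first line older
    # than the cutoff ends the scan and no earlier line needs converting.
    tac "$file" | while IFS= read -r line; do
        epoch=$(log_epoch "$line") || continue   # skip malformed lines
        [ "$epoch" -lt "$cutoff" ] && break
        printf '%s\n' "${line%% *}"              # first field is the client IP
    done | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{print $1, $2}'
}

# Stand-alone run: the post's own example, -H 12.
ips_in_window "$SAMPLE_LOG" -H 12
```

On the sample above, -H 12 keeps the four lines from 22 Oct 09:30:00 onward (cutoff 22 Oct 09:02:33 +0200) and prints 10.0.0.7 twice, 172.16.0.3 once and 192.168.1.9 once; -D 1 additionally picks up the 21 Oct 23:59:59 request. The cost that matters on a long file is one date process per line, which is why the scan starts from the end and stops at the cutoff rather than converting the whole file.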