Printing logs between date range where date in format i.e-"13-Oct-2022 12:00"


My log file looks like this:

01-Nov-2022 10:13:36 CDOTCEM CLI: USER=root            COMMAND=configure_system_firewall no
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables --policy OUTPUT ACCEPT
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables --policy INPUT ACCEPT
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables -F
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables-save
01-Nov-2022 10:14:21 CDOTCEM CLI: USER=root            COMMAND=configure_system_ntp_server 192.168.1.98 12.1.4.2
01-Nov-2022 10:14:21 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/rm /tmp/1.dmp
01-Nov-2022 10:14:21 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/rm /tmp/1.dmp
01-Nov-2022 10:14:26 CDOTCEM CLI: USER=root            COMMAND=configure_system_apply_configuration
01-Nov-2022 10:14:29 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/reboot
01-Nov-2022 10:14:29 CDOTCEM sshd[27216]:  pam_unix(sshd:session): session closed for user root
01-Nov-2022 10:14:29 CDOTCEM sshd[27216]:  pam_warn(sshd:setcred): function=[pam_sm_setcred] service=[sshd] terminal=[ssh] user=[root] ruser=[<unknown>] rhost=[192.168.2
01-Nov-2022 10:14:57 CDOTCEM: SELF-TEST Passed
01-Nov-2022 10:15:19 CDOTCEM ipsec_starter[12235]:  Starting strongSwan 5.7.2-nistpqc IPsec [starter]...
01-Nov-2022 10:15:20 CDOTCEM ipsec_starter[12306]:  charon (12310) started after 820 ms
01-Nov-2022 10:28:13 CDOTCEM: SELF-TEST Passed
31-Oct-2022 10:31:07 CDOTCEM ipsec_starter[7199]:  Starting strongSwan 5.7.2-nistpqc IPsec [starter]...
31-Oct-2022 10:31:07 CDOTCEM ipsec_starter[7273]:  charon (7278) started after 520 ms
31-Oct-2022 11:58:50 CDOTCEM sshd[13011]:  PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/security/pam_cracklib.so: cannot open shared object file: No such fi
31-Oct-2022 11:58:50 CDOTCEM sshd[13011]:  PAM adding faulty module: /lib/security/pam_cracklib.so
31-Oct-2022 11:58:50 CDOTCEM sshd[13011]:  PAM _pam_init_handlers: no default config /etc/pam.d/other
31-Oct-2022 11:58:53 CDOTCEM sshd[13057]:  pam_warn(sshd:auth): function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[root] ruser=[<unknown>] rhost=[192.168
31-Oct-2022 11:58:53 CDOTCEM sshd[13057]:  pam_unix(sshd:account): account root has password changed in future

I want to print the log lines that fall between two dates specified by the user. The log file is not sorted. Kindly suggest any way. The awk command is not working correctly.

I tried using the awk command but it gives the wrong output:

awk '$0>=from&&$0<=to' from="$start_date" to="$end_date" auditfile

It gives the wrong output if the file is not sorted.

CodePudding user response:

  • update 1 : had to add a strange string-coercion at the substr() to work around a nawk compatibility issue - now it's working on gawk, mawk-1, mawk-2, and nawk

————

function __(_) {  #  input - Eng. month names, any casing, min. 3 letters
                  # output - MM : [01-12], zero-padded
    return \
    ((_=toupper(_)) ~ "^[OND]" ? "" : _<_) \
    int(index("=ANEBARPRAYUNULUGEPCTOVEC", substr(_ "",_ =_^=_<_,_))/_)
}

The reference string might look odd at first -

the 2nd and 3rd letters of the month names constitute a unique set

The dd and yyyy components are already in the needed form, so with this function, one could make YYYYMMDD without running it through mktime(), strftime(), or both

CodePudding user response:

Using any awk:

$ cat tst.awk
BEGIN {
    beg = fmt(beg)
    end = fmt(end)
}
{ cur = fmt($1) }
(beg <= cur) && (cur <= end)

# "01-Nov-2022" -> "20221101": a key that compares correctly as a string,
# so the input order no longer matters
function fmt(date,      d,mthNr) {
    split(date,d,/-/)
    mthNr = (index("JanFebMarAprMayJunJulAugSepOctNovDec",d[2])+2)/3
    return sprintf("%04d%02d%02d", d[3], mthNr, d[1])
}

$ awk -v beg='10-Oct-2022' -v end='05-Nov-2022' -f tst.awk file
01-Nov-2022 10:13:36 CDOTCEM CLI: USER=root            COMMAND=configure_system_firewall no
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables --policy OUTPUT ACCEPT
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables --policy INPUT ACCEPT
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables -F
01-Nov-2022 10:13:38 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/iptables-save
01-Nov-2022 10:14:21 CDOTCEM CLI: USER=root            COMMAND=configure_system_ntp_server 192.168.1.98 12.1.4.2
01-Nov-2022 10:14:21 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/rm /tmp/1.dmp
01-Nov-2022 10:14:21 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/rm /tmp/1.dmp
01-Nov-2022 10:14:26 CDOTCEM CLI: USER=root            COMMAND=configure_system_apply_configuration
01-Nov-2022 10:14:29 CDOTCEM sudo:      root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/reboot
01-Nov-2022 10:14:29 CDOTCEM sshd[27216]:  pam_unix(sshd:session): session closed for user root
01-Nov-2022 10:14:29 CDOTCEM sshd[27216]:  pam_warn(sshd:setcred): function=[pam_sm_setcred] service=[sshd] terminal=[ssh] user=[root] ruser=[<unknown>] rhost=[192.168.2
01-Nov-2022 10:14:57 CDOTCEM: SELF-TEST Passed
01-Nov-2022 10:15:19 CDOTCEM ipsec_starter[12235]:  Starting strongSwan 5.7.2-nistpqc IPsec [starter]...
01-Nov-2022 10:15:20 CDOTCEM ipsec_starter[12306]:  charon (12310) started after 820 ms
01-Nov-2022 10:28:13 CDOTCEM: SELF-TEST Passed
31-Oct-2022 10:31:07 CDOTCEM ipsec_starter[7199]:  Starting strongSwan 5.7.2-nistpqc IPsec [starter]...
31-Oct-2022 10:31:07 CDOTCEM ipsec_starter[7273]:  charon (7278) started after 520 ms
31-Oct-2022 11:58:50 CDOTCEM sshd[13011]:  PAM unable to dlopen(/lib/security/pam_cracklib.so): /lib/security/pam_cracklib.so: cannot open shared object file: No such fi
31-Oct-2022 11:58:50 CDOTCEM sshd[13011]:  PAM adding faulty module: /lib/security/pam_cracklib.so
31-Oct-2022 11:58:50 CDOTCEM sshd[13011]:  PAM _pam_init_handlers: no default config /etc/pam.d/other
31-Oct-2022 11:58:53 CDOTCEM sshd[13057]:  pam_warn(sshd:auth): function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[root] ruser=[<unknown>] rhost=[192.168
31-Oct-2022 11:58:53 CDOTCEM sshd[13057]:  pam_unix(sshd:account): account root has password changed in future
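Both answers above rest on the same idea: turn "DD-Mon-YYYY" into a fixed-width YYYYMMDD key so that a plain string comparison is correct even when the file is unsorted. The script below is an added example, not code from the question or from either answer. It applies the same idea in portable awk wrapped in a shell function, and goes one step further than the answers by carrying the time component, so a bound can be given in the title's "13-Oct-2022 12:00" form. It also rejects malformed bounds up front and skips lines that carry no timestamp, which matters when an audit log has been tampered with or contains free-form continuation lines. The sample log, the function name filter_range and the host name are constructed for this example.

```shell
#!/bin/sh
# Added example: filter an unsorted log whose lines begin with
# "DD-Mon-YYYY HH:MM:SS" to the records between two user-supplied bounds.
# A bound may be "DD-Mon-YYYY", "DD-Mon-YYYY HH:MM" or "DD-Mon-YYYY HH:MM:SS";
# every timestamp is normalised to a 14-digit YYYYMMDDHHMMSS key, so plain
# string comparison is correct regardless of file order and no gawk-only
# mktime()/strftime() is needed.

# Constructed sample log in the question's layout, deliberately out of order
# (host name, commands and paths are illustrative only).
SAMPLE_LOG='01-Nov-2022 10:13:36 CDOTCEM CLI: USER=root COMMAND=configure_system_firewall no
01-Nov-2022 10:14:29 CDOTCEM sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/reboot
31-Oct-2022 10:31:07 CDOTCEM ipsec_starter[7199]: Starting strongSwan IPsec [starter]...
31-Oct-2022 11:58:53 CDOTCEM sshd[13057]: pam_unix(sshd:account): account root has password changed in future
13-Oct-2022 12:00:00 CDOTCEM: SELF-TEST Passed
this line has no timestamp and must never be printed'

# filter_range START END   (reads the log on stdin)
# Prints the lines whose timestamp satisfies START <= ts <= END.
# Exits 2 without reading any input when a bound is not a parsable date.
filter_range() {
    awk -v beg="$1" -v end="$2" '
    # key("01-Nov-2022", "10:13:36") -> "20221101101336"; "" when not a date.
    function key(date, time,    d, t, m) {
        if (split(date, d, "-") != 3) return ""
        m = index("JanFebMarAprMayJunJulAugSepOctNovDec", substr(d[2], 1, 3))
        if (m == 0 || (m - 1) % 3 != 0) return ""   # must land on a month boundary
        m = (m + 2) / 3
        split(time, t, ":")                          # missing H, M or S fields read as 0
        return sprintf("%04d%02d%02d%02d%02d%02d", d[3], m, d[1], t[1], t[2], t[3])
    }
    BEGIN {
        nb = split(beg, b, " "); ne = split(end, e, " ")
        lo = key(b[1], nb > 1 ? b[2] : "00:00:00")   # date-only START means start of day
        hi = key(e[1], ne > 1 ? e[2] : "23:59:59")   # date-only END means end of day
        if (lo == "" || hi == "") { print "filter_range: bad date bound" > "/dev/stderr"; exit 2 }
    }
    { k = key($1, $2); if (k != "" && lo <= k && k <= hi) print }
    '
}

# Demo: everything from the start of 31-Oct-2022 up to 01-Nov-2022 10:14.
printf '%s\n' "$SAMPLE_LOG" | filter_range '31-Oct-2022' '01-Nov-2022 10:14'
```

Use it as `filter_range "$start_date" "$end_date" < auditfile`. The month lookup deliberately checks that the match starts on a 3-letter boundary, so a stray substring such as "ebM" cannot be mistaken for a month, and the key is built with sprintf rather than string concatenation so that "1" and "01" produce the same 14-digit value.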