
About linux : Extract-data-from-log-file-for-last-24-hours

Question Detail

I want to display logs for the last 24 hours.

I tried this, but this is not the best and dynamic way.

utmpdump /var/log/wtmp* | awk '/2022-09-22/, /2022-09-23/'

Is there any other way to display them? When you run the script, it should take the last 24 hours.

log file

[8] [528314] [    ] [        ] [pts/1       ] [                    ] [0.0.0.0        ] [2022-09-18T18:44:12,422480+00:00]
[8] [476233] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-18T19:25:11,585556+00:00]
[7] [544366] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T04:59:51,304439+00:00]
[8] [544366] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T04:59:51,517787+00:00]
[7] [544366] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T04:59:54,121598+00:00]
[8] [544366] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T04:59:54,361475+00:00]
[7] [544366] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T04:59:56,613335+00:00]
[8] [544366] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T04:59:56,810335+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:33,299161+00:00]
[8] [544822] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T05:01:33,572603+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:33,897001+00:00]
[8] [544822] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T05:01:34,152397+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:34,438247+00:00]
[8] [544822] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-19T05:01:34,696364+00:00]
[7] [544822] [ts/0] [centos  ] [pts/0       ] [92.46.127.82        ] [92.46.127.82   ] [2022-09-19T05:01:34,978371+00:00]

Question Answer

Not necessarily exactly 24 hours (but your question also only filters for yesterday and today, regardless of the current hour), but perhaps you are looking for command substitution to substitute yesterday’s and today’s date?

utmpdump /var/log/wtmp* | awk "/$(date -I -dyesterday)/,/$(date -I)/"

With your shown samples, please try the following awk code. I am using the GNU date flavor here. Also, this code will print from yesterday’s date until today’s date (all logs, because if you simply put the range /a/,/b/ then it will catch b’s 1st occurrence only, but this code will print all lines of today’s date).

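awk -v yesterdayDate="$(date -d '-1 day' '+%Y-%m-%d')" -v todaysDate="$(date '+%Y-%m-%d')" '
# Range: from the first line of yesterday up to the first line of today.
index($0,yesterdayDate),index($0,todaysDate){
  print
  if(index($0,todaysDate)){
    found=1
  }
  next   # already printed; skip the rule below so this line is not printed twice
}
# After the range has closed, keep printing the remaining lines of today.
index($0,todaysDate) && found
'  Input_file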
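
An exact 24-hour window, which the date-range answers above only approximate, shown as an added example that is not part of the original answers: each record's timestamp is compared against a cutoff. It assumes GNU date and that every record carries a UTC (+00:00) timestamp as in the sample log; the function names cutoff_utc, since and sample, and the sample records, are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep utmpdump records whose timestamp is within the last 24 hours.
# Assumes every record ends in an ISO 8601 UTC timestamp (+00:00), as in the
# sample log, so a plain string comparison orders timestamps correctly.

# cutoff_utc: timestamp 24 hours before now, in utmpdump's layout (GNU date).
cutoff_utc() {
  date -u -d '24 hours ago' '+%Y-%m-%dT%H:%M:%S'
}

# since: read utmpdump text on stdin, print records at or after cutoff $1.
since() {
  awk -v cutoff="$1" '
    {
      ts = $0
      sub(/.*\[/, "", ts)        # keep only the last bracketed field
      ts = substr(ts, 1, 19)     # YYYY-MM-DDTHH:MM:SS, drop fraction and offset
    }
    # Skip header or damaged lines that carry no timestamp.
    ts !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ { next }
    ts >= cutoff                 # same-width UTC strings sort chronologically
  '
}

# Constructed sample (not real data): a header line, then four records,
# the last of which lacks its closing bracket.
sample() {
  cat <<'EOF'
Utmp dump of /var/log/wtmp
[8] [100001] [    ] [        ] [pts/1       ] [                    ] [0.0.0.0        ] [2022-09-21T18:44:12,422480+00:00]
[7] [100002] [ts/0] [alice   ] [pts/0       ] [192.0.2.10          ] [192.0.2.10     ] [2022-09-22T04:59:51,304439+00:00]
[8] [100002] [    ] [        ] [pts/0       ] [                    ] [0.0.0.0        ] [2022-09-22T05:00:00,000000+00:00]
[7] [100003] [ts/0] [alice   ] [pts/0       ] [192.0.2.10          ] [192.0.2.10     ] [2022-09-23T01:15:30,000000+00:00
EOF
}

# Real use (GNU date): utmpdump /var/log/wtmp | since "$(cutoff_utc)"
# Deterministic demo with a fixed cutoff:
sample | since '2022-09-22T05:00:00'
```

Because the cutoff is a full timestamp rather than a date, a run at 14:00 excludes yesterday's records from before 14:00, which the date-only ranges would still print.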
