I added this line to rsyslog.conf:
if $msg contains 'arpwatch' then /var/log/test.log
The problem is that if I have simultaneous log lines containing the expression (arpwatch), then only the first line is logged and the others aren't.
How can I modify my expression so that it writes to the log when I have simultaneous lines containing "arpwatch"?
If these lines are sent to rsyslog:
2012 Nov 10 09:56:34 alienvault->/var/log/syslog Nov 10 09:56:34 alienvault arpwatch_eth0: chdir(/usr/arpwatch): No such file or directory
2012 Nov 10 09:56:34 alienvault->/var/log/syslog Nov 10 09:56:34 alienvault arpwatch_eth0: (using current working directory)
2012 Nov 10 09:56:34 alienvault->/var/log/syslog Nov 10 09:56:34 alienvault arpwatch_eth0: pcap open eth0: eth0: No such device exists (SIOCGIFHWADDR: No such device)
then in /var/log/test.log I have this line:
2012 Nov 10 09:56:34 alienvault->/var/log/syslog Nov 10 09:56:34 alienvault arpwatch_eth0: chdir(/usr/arpwatch): No such file or director
and the others are ignored
You check the msg property of rsyslog for the pattern arpwatch, but that is really only in the logged message text... the arpwatch_eth0 tag is not part of msg.
$template usermsg,"%TIMESTAMP% %HOSTNAME% %programname% %syslogfacility-text%.%syslogseverity-text% :%msg:::sp-if-no-1st-sp%%msg::drop-last-lf%\n"
$ActionFileDefaultTemplate usermsg
# programname is the syslog tag without the pid, "arpwatch_eth0" here, so match on its prefix
if $programname startswith 'arpwatch' then /var/log/test.log
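To make the msg/programname distinction concrete, here is an added example (not part of the original answer) that splits the three arpwatch lines the way rsyslog's parser does and counts how many of them each filter would write. The sample lines are constructed from the question; the "alienvault->/var/log/syslog" prefix shown there is added by the forwarding tool and is not part of the syslog message.

```bash
# Added example: what rsyslog's parser sees for the three arpwatch lines.
sample_syslog() {
  printf '%s\n' \
    'Nov 10 09:56:34 alienvault arpwatch_eth0: chdir(/usr/arpwatch): No such file or directory' \
    'Nov 10 09:56:34 alienvault arpwatch_eth0: (using current working directory)' \
    'Nov 10 09:56:34 alienvault arpwatch_eth0: pcap open eth0: eth0: No such device exists (SIOCGIFHWADDR: No such device)'
}

# Split each BSD-syslog line the way rsyslog does: fields 1-3 are the timestamp,
# field 4 the hostname, field 5 the syslogtag ("arpwatch_eth0:"); programname is
# the tag without the trailing colon and any "[pid]", and msg is everything after it.
# Output: programname<TAB>msg
split_properties() {
  awk '{
    tag = $5
    sub(/:$/, "", tag)
    sub(/\[[0-9]+\]$/, "", tag)
    msg = substr($0, index($0, $5) + length($5))
    sub(/^ /, "", msg)
    print tag "\t" msg
  }'
}

# Apply both filters from the thread and report how many of the three lines
# each one would send to /var/log/test.log.
count_matches() {
  sample_syslog | split_properties | awk -F'\t' '
    $2 ~ /arpwatch/  { msg++ }    # the question: if $msg contains "arpwatch"
    $1 ~ /^arpwatch/ { prog++ }   # the fix:      if $programname startswith "arpwatch"
    END { printf "msg-contains=%d programname-startswith=%d\n", msg, prog }'
}

sample_syslog | split_properties
count_matches   # msg-contains=1 programname-startswith=3
```

Only the first line has "arpwatch" inside msg (the /usr/arpwatch path), which is exactly why the original filter logged one line of three.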
I wrote a Perl script and ran it on a Windows system, where it worked fine.
But when I transferred the Perl script from the Windows system to Linux
and ran it there, I got the wrong date/time.
Need some help. Thanks.
The source code in Perl:
use File::stat;        # stat($file) returns an object with ->ctime, ->mtime
use Time::localtime;   # ctime() formats an epoch as "Mon Jul 21 17:44:38 2014"

if (($file =~ m/(\d)(\S+)\.csv/) && ($flag == 0))
{
    open(my $para_file, '<', $file) or die "cannot open $file: $!";
    # NOTE: on Linux this is the inode change time, not the creation time
    $datetime_string = ctime( stat($file)->ctime );
    while ($line = <$para_file>)
    {
        if ($line =~ /0\,170\,16\,/)
        {
            $cal = $cal + 1;
        }
    }
    close($para_file);
    push(@data, "$cal");
    push(@data, "$datetime_string");
}
$file is my file name. The Windows creation date & time are correct, but I don't understand why Linux gives me the wrong date & time.
Output generated on Windows:
9023-0 50000 5111 10.22 Mon Jul 21 17:44:38 2014
9023-2 100000 23251 23.25 Fri Apr 11 10:12:19 2014
9024_AHG 5000 0 0.00 Thu Nov 27 15:28:55 2014
Output generated on Linux:
9023-0 50000 5111 10.22 Thu Jul 30 16:45:25 2015
9023-2 100000 23251 23.25 Thu Jul 30 16:45:25 2015
9024_AHG 5000 0 0.00 Thu Jul 30 16:45:25 2015
The problem here isn't what you're doing, it's that you misunderstand what ctime is. Linux filesystems record a change time not a creation time.
mtime denotes modification of file content. ctime denotes modification of attributes. As a result, they may well be the same number.
However, what you cannot get is "create time", because the EXT filesystem doesn't record it. (Other filesystem formats may - NTFS for example - but I'm not sure I'd suggest using NTFS on a Linux box!)
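An added demonstration of the point above (not part of the original answer): copy a file while preserving its timestamps, as a transfer with cp -p, scp -p or rsync -t would, and compare the copy's mtime and ctime. The mtime survives the copy; the ctime is the moment the copy's inode was written, which is why every file in the question shows the same "Thu Jul 30 16:45:25 2015". It assumes GNU coreutils (stat -c) on a Linux filesystem; the scratch file is constructed.

```bash
# Added example: mtime versus ctime after a timestamp-preserving copy.
mtime_of() { stat -c %Y "$1"; }   # seconds since epoch, content last modified
ctime_of() { stat -c %Z "$1"; }   # seconds since epoch, inode last changed

# Creates a scratch file whose mtime is set to Mon Jul 21 17:44:38 2014 UTC
# (the first CSV's Windows time in the question), copies it with cp -p and
# prints "<mtime> <ctime>" of the copy.
demo_copy_times() {
  dir=$(mktemp -d)
  TZ=UTC touch -t 201407211744.38 "$dir/src"
  cp -p "$dir/src" "$dir/dst"
  m=$(mtime_of "$dir/dst")
  c=$(ctime_of "$dir/dst")
  rm -rf "$dir"
  # mtime: 1405964678 (= 2014-07-21T17:44:38Z), carried over by cp -p.
  # ctime: the time of the copy itself; utimes()/touch cannot set it, only move it to "now".
  echo "$m $c"
}

demo_copy_times
```

If you need the time a CSV was produced, carry it inside the file or in its name; on ext2/3/4 with the tools in the question you can only rely on mtime.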
I got a log from a remote Linux computer. It looks like:
2013-10-23T08:19:05+0300 Last login: Wed Oct 23 08:17:38 EEST 2013 from 10.9.167.55 on pts/0
2013-10-23T08:19:05+0300 Last login: Wed Oct 23 08:19:05 2013 from 10.9.167.55^M
2013-10-23T08:19:07+0300 ^[[?1034h-bash-4.1$ date
2013-10-23T08:19:07+0300 Wed Oct 23 08:19:07 EEST 2013
2013-10-23T08:19:08+0300 -bash-4.1$ ls
2013-10-23T08:19:08+0300 ^[[0m^[[01;34m99^[[0m #avail.info ^[[01;34mgmoTemp^[[0m raml21.dtd SNMP4JTestAgentBC.cfg
2013-10-23T08:19:08+0300 an_mainHost_localhost_20131023081654000136.xml #avail.info~ gsh.txt ^[[01;34mresults^[[0m
2013-10-23T08:19:09+0300 ^[[m-bash-4.1$ exit
2013-10-23T08:19:09+0300 logout
But it should be:
Last login: Wed Oct 23 08:17:38 EEST 2013 from 10.9.167.55 on pts/0
Last login: Wed Oct 23 08:19:05 2013 from 10.9.167.55
-bash-4.1$ date
Wed Oct 23 08:19:07 EEST 2013
-bash-4.1$ ls
99 #avail.info gmoTemp raml21.dtd SNMP4JTestAgentBC.cfg
an_mainHost_localhost_20131023081654000136.xml #avail.info~ gsh.txt results
-bash-4.1$ exit
logout
The garbled characters are terminal control escape sequences; you can use the commands "infocmp xterm" and "man terminfo" to get more details.
My question is how can I remove these terminal control escape sequences in the file?
Thanks a lot!
A simple way to remove most of the control characters is to use the command below in vim:
:%s/<escape-key>\[[0-9;]*m/ /g
Press Ctrl+V followed by the Esc key to enter the <escape-key> character above. Everything else is typed literally, as on your keyboard.
I use a pipe or run sed directly, like this:
sed 's/[^[:print:]]\[[^a-zA-Z]*[a-zA-Z]//g' YourFile
I solved this issue using lots of regular expressions according to http://invisible-island.net/xterm/ctlseqs/ctlseqs.html
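As an added example (not from any of the answers above), a single sed filter that handles everything visible in the question's capture: CSI sequences (ESC [ parameters final-letter, which covers the colour codes and the ?1034h mode switch), the stray ^M carriage returns, and the logger's leading ISO-8601 timestamp, so the output matches the "should be" listing. The sample lines are constructed from the question.

```bash
# Added example: strip terminal control sequences, CRs and the log prefix.
strip_terminal_noise() {
  esc=$(printf '\033')
  cr=$(printf '\r')
  # 1: CSI sequence = ESC '[' parameter bytes (digits ; ?) and a final letter
  # 2: carriage returns left over from CR LF line endings (shown as ^M)
  # 3: the capture tool's leading "2013-10-23T08:19:05+0300 " timestamp
  sed -e "s/${esc}\[[0-9;?]*[A-Za-z]//g" \
      -e "s/${cr}//g" \
      -e 's/^[0-9][0-9]*-[0-9][0-9]-[0-9][0-9]T[0-9:+-]* //'
}

# Four lines rebuilt from the question, with real ESC and CR bytes
sample_capture() {
  esc=$(printf '\033')
  cr=$(printf '\r')
  printf '%s\n' \
    "2013-10-23T08:19:05+0300 Last login: Wed Oct 23 08:19:05 2013 from 10.9.167.55${cr}" \
    "2013-10-23T08:19:07+0300 ${esc}[?1034h-bash-4.1\$ date" \
    "2013-10-23T08:19:08+0300 ${esc}[0m${esc}[01;34m99${esc}[0m #avail.info ${esc}[01;34mgmoTemp${esc}[0m raml21.dtd" \
    "2013-10-23T08:19:09+0300 ${esc}[m-bash-4.1\$ exit"
}

sample_capture | strip_terminal_noise
```

Other ESC sequences (OSC title changes, ESC ( charset selection) are not in this capture; if they turn up, add a further expression for them rather than widening the first one, which would otherwise eat ordinary text after a bare ESC.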
I have a script that basically runs tmux ls:
session1: 3 windows (created Fri Sep 20 13:16:13 2013) [157x56]
stuff: 3 windows (created Fri Sep 20 13:25:21 2013) [157x56]
asdf: 2 windows (created Sun Sep 29 23:06:33 2013) [77x17] (attached)
website: 1 windows (created Tue Sep 24 17:22:14 2013) [157x26]
I want the output of this script to be aligned at the colon, for readability. I know to use column -t but it doesn't quite do what I want (note the double spacing, and that the colons aren't actually aligned):
session1:  3  windows  (created  Fri  Sep  20  13:16:13  2013)  [157x56]
stuff:     3  windows  (created  Fri  Sep  20  13:25:21  2013)  [157x56]
asdf:      2  windows  (created  Sun  Sep  29  23:06:33  2013)  [77x17]   (attached)
website:   1  windows  (created  Tue  Sep  24  17:22:14  2013)  [157x26]
Here's the output I really want:
session1 : 3 windows (created Fri Sep 20 13:16:13 2013) [157x56]
stuff    : 3 windows (created Fri Sep 20 13:25:21 2013) [157x56]
asdf     : 2 windows (created Sun Sep 29 23:06:33 2013) [77x17] (attached)
website  : 1 windows (created Tue Sep 24 17:22:14 2013) [157x26]
What's the easiest/best way to achieve this in the Linux shell?
Edit: If you want to test your answer, you can use curl -s nylen.tv/tmux.txt instead of tmux ls.
With GNU sed you can specify the occurrence of the match, so where s/ +/ /g would single-space the whole file, s/ +/ /2g single-spaces the whole file but only from the second match on each line:
$ column -t file | sed -re 's/: ( +)/\1: /' -e 's/ +/ /2g'
session1 : 3 windows (created Fri Sep 20 13:16:13 2013) [157x56]
stuff    : 3 windows (created Fri Sep 20 13:25:21 2013) [157x56]
asdf     : 2 windows (created Sun Sep 29 23:06:33 2013) [77x17] (attached)
website  : 1 windows (created Tue Sep 24 17:22:14 2013) [157x26]
To sort out the first column's spacing we use s/: ( +)/\1: / to match all the spaces after the : and store n-1 of them in the first capture group. We then replace the : and all the spaces with those n-1 spaces followed by a : followed by a space (making n spaces in total again).
How about this?
cat tmux.txt | sed 's/:/ : /' | column -t -o' ' | sed 's/ \+/ /2g'
session1 : 3 windows (created Fri Sep 20 13:16:13 2013) [157x56]
stuff    : 3 windows (created Fri Sep 20 13:25:21 2013) [157x56]
asdf     : 2 windows (created Sun Sep 29 23:06:33 2013) [77x17] (attached)
website  : 1 windows (created Tue Sep 24 17:22:14 2013) [157x26]
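Both answers lean on column(1), and the second one on the util-linux-only -o option, which is not there on BSD or busybox boxes. As an added example (not from the original answers), the same alignment on the first occurrence of any delimiter in awk alone: one pass to find the widest left-hand side, then a padded printf. The tmux ls lines are constructed from the question.

```bash
# Added example: align lines on the first delimiter without column(1).
# Usage: align_on ':' < file
align_on() {
  awk -v d="$1" '
    {
      p = index($0, d)
      if (p == 0) { name[NR] = $0; plain[NR] = 1; next }   # no delimiter: keep as is
      name[NR] = substr($0, 1, p - 1)
      rest[NR] = substr($0, p + length(d))
      sub(/^[ \t]+/, "", rest[NR])
      if (length(name[NR]) > w) w = length(name[NR])      # widest left-hand side
    }
    END {
      fmt = "%-" w "s " d " %s\n"                         # e.g. "%-8s : %s\n"
      for (i = 1; i <= NR; i++)
        if (plain[i]) print name[i]; else printf fmt, name[i], rest[i]
    }'
}

sample_tmux_ls() {
  printf '%s\n' \
    'session1: 3 windows (created Fri Sep 20 13:16:13 2013) [157x56]' \
    'stuff: 3 windows (created Fri Sep 20 13:25:21 2013) [157x56]' \
    'asdf: 2 windows (created Sun Sep 29 23:06:33 2013) [77x17] (attached)' \
    'website: 1 windows (created Tue Sep 24 17:22:14 2013) [157x26]'
}

sample_tmux_ls | align_on ':'
```

Because only the first delimiter on each line is used, the colons inside the "13:16:13" timestamps are left alone, which is the case the plain column -t call got wrong.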
I have a timestamped log file that I am watching. Every so often the log writes a message, "OK"
How could I capture the number of "OK"s written per second? E.g. output like
10.5 OK/sec
9 OK/sec
20 OK/sec
The log is pretty big, so it's not practical to grep the entire file. I started with
tail -f my.log | grep OK
which is helpful but doesn't quite get me the rate.
Thanks!
The first solution below is great (and the other is good too). I altered it a bit and this is what I came up with:
tail -f my.log | perl -lne 'if(/(\d+:\d+:\d+).*OK/) { print $1; }'| uniq -c
When your log is in a form like:
Wed Jul 10 22:44:00 CEST 2013 OK
Wed Jul 10 22:44:00 CEST 2013 OK
Wed Jul 10 22:44:00 CEST 2013 OK
Wed Jul 10 22:44:00 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
Wed Jul 10 22:44:01 CEST 2013 OK
i.e. in the form "timestamp OK", you can try the simple:
tail -f logfile | uniq -c
and you will get this result:
      4 Wed Jul 10 22:44:00 CEST 2013 OK
      8 Wed Jul 10 22:44:01 CEST 2013 OK
      ^
      +---- number of OK in the same timestamp
Here's a quick script to do it:
#! /bin/bash
log="/var/log/messages"
seconds="1"
filter="OK"
while true; do
    # count the lines matching $filter that arrive during the next $seconds seconds
    echo "$(timeout "$seconds" tail -n0 -f "$log" | grep -c "$filter") OK/sec"
done
There's a bit of a race condition where it might lose one or two lines during the loop, but it is unlikely. Also, not every Linux distro has timeout installed by default, so you might want to check.
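The uniq -c trick only works while every line in a second is byte-identical; one other message landing between two OKs splits the run into separate counts, and the timeout loop drops lines at each restart. An added example (not from the original answers) that avoids both: a single awk pass that filters and buckets by second, printing "HH:MM:SS N OK/sec" as soon as the next second begins, so it also works on a live tail -f. It assumes an HH:MM:SS clock appears somewhere on each line; the sample log is constructed, with a non-OK line deliberately mixed in.

```bash
# Added example: OK lines per second, streaming, tolerant of interleaved messages.
ok_per_second() {
  awk -v pat="${1:-OK}" '
    $0 ~ pat && match($0, /[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/) {
      sec = substr($0, RSTART, RLENGTH)
      if (sec != cur) {
        if (cur != "") { print cur, n, "OK/sec"; fflush() }   # second rolled over: emit bucket
        cur = sec; n = 0
      }
      n++
    }
    END { if (cur != "") print cur, n, "OK/sec" }   # flush the last bucket at EOF
  '
}

sample_ok_log() {
  printf '%s\n' \
    'Wed Jul 10 22:44:00 CEST 2013 OK' \
    'Wed Jul 10 22:44:00 CEST 2013 OK' \
    'Wed Jul 10 22:44:00 CEST 2013 retrying connection' \
    'Wed Jul 10 22:44:00 CEST 2013 OK' \
    'Wed Jul 10 22:44:01 CEST 2013 OK' \
    'Wed Jul 10 22:44:01 CEST 2013 OK' \
    'Wed Jul 10 22:44:02 CEST 2013 OK'
}

sample_ok_log | ok_per_second     # live use: tail -f my.log | ok_per_second
```

The count for a second is printed only when the following second's first OK arrives (or at EOF), so on a quiet log the last bucket lags until the next message; that is the price of not polling a clock.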
I want to view the ORA errors in the alert log file for the past 7 days (Monday-Sunday),
by writing a shell script.
Can anybody help me?
Thanks
Something like:
sed -n -e '/start_time/,/end_time/ {/ORA/ p}' logfile
or with awk
$ start="Fri Feb 27 08:00:00 2009"
$ end="Fri Mar 6 08:00:00 2009"
$ awk -v prev="$start" -v last="$end" '$0 ~ prev,$0 ~ last' logfile
A more sophisticated script looking for the last date entries in the alert log file is available here, and also at dba-oracle.com.
This does not answer your request exactly, but it might give you some clues to start your own script.
I want a script which gives output as follows (one week's errors), and it should be mailed to my id.
Sat Mar 14 10:30:51 IST 2009
ORA-01157: cannot identify/lock data file 2 - see DBWR trace file
Sat Mar 12 12:35:06 IST 2009
ORA-01110: data file 2: '/u02/oradata/Globe/undotbs01.dbf'
Sat Mar 10 09:54:05 IST 2009
ORA-27037: unable to obtain file status
Sat Mar 08 :15:02 IST 2009
ORA-1157 signalled during: ALTER DATABASE OPEN...
Sat Mar 07 12:35:51 IST 2009
ORA-01157: cannot identify/lock data file 2 - see DBWR trace file
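The awk range in the answer needs the exact start and end timestamps to exist in the log, which they rarely do. As an added example (not from the original answer or the follow-up), a portable awk filter that turns each alert-log date header into a sortable "YYYY-MM-DD HH:MM:SS" key, compares it against the bounds as strings, and prints each ORA- line under its date in the layout the follow-up asks for. No gawk mktime is needed. The bounds are given as "YYYY-MM-DD HH:MM:SS"; the alert log below is constructed.

```bash
# Added example: ORA- errors between two dates, each under its alert-log date line.
ora_errors_between() {
  awk -v start="$1" -v end="$2" '
    BEGIN {
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
      for (i in m) mon[m[i]] = i
    }
    # Date header: weekday, month, day, HH:MM:SS, optional zone, year
    # e.g. "Sat Mar 14 10:30:51 IST 2009" or "Sat Mar 14 10:30:51 2009"
    $1 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ && ($2 in mon) && $NF ~ /^[0-9][0-9][0-9][0-9]$/ {
      key = sprintf("%s-%02d-%02d %s", $NF, mon[$2], $3, $4)   # sortable form
      inrange = (key >= start && key <= end)                 # plain string compare
      header = $0
      shown = 0
      next
    }
    inrange && /ORA-/ {
      if (!shown) { print header; shown = 1 }   # date line once per block
      print
    }'
}

sample_alert_log() {
  printf '%s\n' \
    'Sat Mar 07 12:35:51 IST 2009' \
    'ORA-01157: cannot identify/lock data file 2 - see DBWR trace file' \
    'Tue Mar 10 09:54:05 IST 2009' \
    'Starting ORACLE instance (normal)' \
    'ORA-27037: unable to obtain file status' \
    'Thu Mar 12 12:35:06 IST 2009' \
    "ORA-01110: data file 2: '/u02/oradata/Globe/undotbs01.dbf'" \
    'Sat Mar 14 10:30:51 IST 2009' \
    'Completed: ALTER DATABASE OPEN'
}

# One week, Sunday 8 March through Saturday 14 March 2009
sample_alert_log | ora_errors_between '2009-03-08 00:00:00' '2009-03-14 23:59:59'
```

For a weekly job, compute the bounds with GNU date (start=$(date -d '7 days ago' '+%Y-%m-%d %H:%M:%S'), end=$(date '+%Y-%m-%d %H:%M:%S'); the -d form is GNU-specific) and pipe the result to mail -s with your address. Errors logged before the first date header in the file carry no date and are skipped, which is the conservative choice for a report.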