Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > Logfile scanning assistance

Reply
Thread Tools

Logfile scanning assistance

 
 
Jim
Guest
Posts: n/a
 
      06-24-2004
Hi

I have a logfile where I need to do the following:

1. Scan the logfile
2. If a date and time are found at the beginning of a line
a. Check 8 lines below, if the 8th line below has the following string
"Foo", then
i. save the date/time from Step 2 in alternate logfile
ii. save the 8th line down in alternate logfile
3. Continue scanning logfile/repeat

Perl is not my speciality, so if anyone has any suggestions on how best
to accomplish this, it would be greatly appreciated. Thanks.

Jim

 
Reply With Quote
 
 
 
 
Jim
Guest
Posts: n/a
 
      06-24-2004
Thanks for the suggestions and assistance. I have been working on this
since and come up with the following:

#!/usr/local/bin/perl

$logfile = "/opt/sample.log";

open (LOG, $logfile)
or die "Can't open logfile, $!\n";
@reverse_logfile = reverse <LOG>;

open (MYLOG, ">/opt/processed.log")
or die "Can't open my logfile, $!\n";

for $line (@reverse_logfile) {
if ( $line =~ m|(Current recvd)| ) {
$goodstuff = $line;
}
if ( $line =~ m|(\d{4}-\d{2}-\d{2})| ) {
$date = $line;
}
print MYLOG $user, $date;
}

Here's a sample.log:

2004-06-23 12:11:22 Wrote 27 bytes
2004-06-23 12:11:22 length 12
2004-06-23 12:11:22 blocking
12:12:30 processing logfile
12:13:22 appending logfile
12:13:22 reticulating splines
12:13:22 initiating connection
12:13:22 receiving connection
12:14:57 ending connection
Max recvd: 20
Current recvd: 1
2004-06-23 12:16:44 Wrote 23 bytes
2004-06-23 12:16:44 length 5
2004-06-23 12:16:44 blocking
12:17:11 processing logfile
12:17:11 appending logfile
12:17:11 reticulating splines
12:17:11 initiating connection
12:17:11 receiving connection
12:18:38 ending connection
Max recvd: 20
Current recvd: 5

I thought it would be easier to reverse the logfile, find a 'Current
recvd' line and then find the first timestamp after it.

The bit I'm having problems with is I'm picking up all the timestamps,
rather than the first one after 'Current recvd' is matched. How can I
only match one timestamp?

Thanks.

Jim

 
Reply With Quote
 
 
 
 
J. Gleixner
Guest
Posts: n/a
 
      06-24-2004
Jim wrote:
> Thanks for the suggestions and assistance. I have been working on this
> since and come up with the following:
>
> #!/usr/local/bin/perl

use strict;
use warnings;
>
> $logfile = "/opt/sample.log";

my $logfile = '/opt/sample.log';
>
> open (LOG, $logfile)

open (LOG, "<$logfile")
> or die "Can't open logfile, $!\n";
> @reverse_logfile = reverse <LOG>;
>
> open (MYLOG, ">/opt/processed.log")
> or die "Can't open my logfile, $!\n";
>

my $recvd_found;

> for $line (@reverse_logfile) {

foreach (reverse <LOG> )

> if ( $line =~ m|(Current recvd)| ) {

No need to capture the match.
if ( m|^Current recvd| )
> $goodstuff = $line;

$recvd_found=1;
next;
> }
> if ( $line =~ m|(\d{4}-\d{2}-\d{2})| ) {

if ($recvd_found && m|\d{4}-\d{2}-\d{2}|)
{
print MYLOG "$user $_"; #what's $user??
$recvd_found=0;
next; # If you only want the last one in the file, then no need for
above line and change this to last;
}

don't need the following 3 lines
> $date = $line;
> }
> print MYLOG $user, $date;
> }

close MYLOG;
close LOG;
>
> Here's a sample.log:
>
> 2004-06-23 12:11:22 Wrote 27 bytes
> 2004-06-23 12:11:22 length 12
> 2004-06-23 12:11:22 blocking
> 12:12:30 processing logfile
> 12:13:22 appending logfile
> 12:13:22 reticulating splines
> 12:13:22 initiating connection
> 12:13:22 receiving connection
> 12:14:57 ending connection
> Max recvd: 20
> Current recvd: 1
> 2004-06-23 12:16:44 Wrote 23 bytes
> 2004-06-23 12:16:44 length 5
> 2004-06-23 12:16:44 blocking
> 12:17:11 processing logfile
> 12:17:11 appending logfile
> 12:17:11 reticulating splines
> 12:17:11 initiating connection
> 12:17:11 receiving connection
> 12:18:38 ending connection
> Max recvd: 20
> Current recvd: 5
>
> I thought it would be easier to reverse the logfile, find a 'Current
> recvd' line and then find the first timestamp after it.
>
> The bit I'm having problems with is I'm picking up all the timestamps,
> rather than the first one after 'Current recvd' is matched. How can I
> only match one timestamp?
>
> Thanks.
>
> Jim
>

 
Reply With Quote
 
Joe Smith
Guest
Posts: n/a
 
      06-28-2004
Jim wrote:

> for $line (@reverse_logfile) {
> if ( $line =~ m|(Current recvd)| ) {
> $goodstuff = $line;
> }
> if ( $line =~ m|(\d{4}-\d{2}-\d{2})| ) {
> $date = $line;
> }
> print MYLOG $user, $date;


So why are you printing $user and not $goodstuff?
-Joe
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Logfile analysis API Andreas Java 0 05-10-2005 06:53 PM
How to access logfile directory path from IIS =?Utf-8?B?TXVubnU=?= ASP .Net 0 04-22-2005 04:34 PM
Is there a d/l logfile in Win XP Pro? Jeff Computer Support 1 07-22-2004 07:34 AM
Help analyze HijackThis logfile, Please Cynthia K. Computer Support 7 07-15-2004 01:02 AM
Logfile Nick Withers Computer Support 1 11-18-2003 11:35 AM



Advertisments