From owner-freebsd-questions@FreeBSD.ORG Wed Feb 20 00:11:20 2013
Sender: Devin Teske
To: "'b w'"
Subject: RE: convert date and time to epoch in awk
Date: Tue, 19 Feb 2013 16:11:08 -0800
Message-ID: <00df01ce0efe$c98f8030$5cae8090$@freebsd.org>

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of b w
> Sent: Tuesday, February 19, 2013 2:34 PM
> To: freebsd-questions@freebsd.org
> Subject: convert date and time to epoch in awk
>
> I want to write a script that parses the last, say, 10 minutes of a log
> file looking for a certain string, like 'error', or 'failed', and returns
> how many times it shows up. The script would be run by Nagios and if it
> returns > 0 an alert is raised. Each line of the log file starts with a
> date like 'Feb 19 23:45:32'.
>
> One way to do it I guess would be to read each line in a while loop,
> extract the date, convert it into epoch using the date command, if it's
> within 10 minutes remember the line somewhere, then grep the result. I was
> thinking this might be too slow, or there may be too many lines at some
> point, but it might actually be acceptable if I tail the last few thousand
> lines. Anyway...
>
> Another way would be to use gawk, which has date/time functions like
> systime() and mktime(). This works fine, but someone like myself at some
> point will forget to install gawk on a new server and might not realize it
> until something happens.
>
> So, is there a way to compare two dates in FreeBSD's awk or convert a date
> to epoch? Or some other fast way to select the last 10 minutes from a log
> file? An example would be appreciated, if possible.

Converting a date to an epoch is easy with date(1) (note: awk can make a
system call and read back the stdout into a variable).

For example, if I want to convert the date:

	Fri 01 Feb 2013

into an epoch using:

	date -j -f "%a %d %b %Y" "Fri 01 Feb 2013" +%s

The output of which is the following epoch:

	1359763497

Doing this all from awk:

	echo "Fri 01 Feb 2013" | awk '
	{
		mydate = $0
		# Build the date(1) command first so the whole string is piped to getline
		# (mydate is interpolated into a shell command line)
		cmd = "date -j -f \"%a %d %b %Y\" \"" mydate "\" +%s"
		cmd | getline myepoch
		close(cmd)	# release the pipe so it can be reopened for the next record
		print mydate " = " myepoch
	}'

Hope this helps.
-- 
Devin

P.S. Be careful that log files often (a) rotate and (b) contain "last message
repeated N times" which can throw off your counts. Things I have solved before
and am willing to share if you're interested.
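Added example (not part of the original message and not the author's code): one way to count matching lines from the last N seconds in plain awk, with no gawk mktime() and no date(1) call per line, so log content is never placed on a shell command line. The names count_recent and sample_log are hypothetical. It assumes syslog-style stamps in local time and a "now" given in the same local time, so a window that spans a DST change can be off by an hour, and it does not handle "last message repeated N times" or rotation.

```sh
#!/bin/sh
# Usage: tail -n 5000 LOGFILE | count_recent STRING SECONDS "$(date '+%Y %m %d %H %M %S')"
# Prints how many lines stamped within the last SECONDS contain STRING.
count_recent() {
    awk -v pat="$1" -v window="$2" -v now="$3" '
    # Days since 1970-01-01 for a Gregorian date, in plain awk arithmetic.
    function days(y, m, d,    era, yoe, doy) {
        y += 0; m += 0; d += 0
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
        return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    function secs(y, m, d, hms,    t) {
        split(hms, t, ":")
        return days(y, m, d) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    }
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = i
        split(now, c, " ")
        year = c[1] + 0
        nowsecs = secs(year, c[2], c[3], c[4] ":" c[5] ":" c[6])
    }
    # Only lines that start with a syslog stamp such as: Feb 19 23:45:32
    ($1 in mon) && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
        ts = secs(year, mon[$1], $2, $3)
        # The stamp has no year: a line dated in the future is from last year.
        if (ts > nowsecs + 86400) ts = secs(year - 1, mon[$1], $2, $3)
        age = nowsecs - ts
        # index() is a fixed-string match, so STRING is not treated as a regex.
        if (age >= 0 && age <= window && index($0, pat)) count++
    }
    END { print count + 0 }'
}

# Constructed sample lines (not from a real host); the fourth carries shell
# metacharacters, which stay inert because no line is ever passed to a shell.
sample_log() {
    cat <<'EOF'
Feb 19 23:30:00 host app[101]: error: disk check failed
Feb 19 23:41:07 host app[101]: error: upstream timeout
Feb 19 23:44:59 host app[101]: request ok
Feb 19 23:45:32 host app[101]: login failed for user `id`; error
Dec 31 23:58:10 host app[101]: error: cache miss
EOF
}

sample_log | count_recent error 600 "2013 02 19 23:46:00"   # prints 2
```

For a Nagios check, compare the printed count with 0 and exit with the plugin status code you want.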