From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1DqiJM-0004VT-9t for garchives@archives.gentoo.org; Fri, 08 Jul 2005 02:09:52 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j6828uKB018072; Fri, 8 Jul 2005 02:08:56 GMT Received: from www.rout.co.nz (203-79-82-53.adsl-wns.paradise.net.nz [203.79.82.53]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j6825IgY018272 for ; Fri, 8 Jul 2005 02:05:19 GMT Received: from [192.168.1.2] (nick.rout.co.nz [192.168.1.2]) by www.rout.co.nz (Postfix) with ESMTP id 29F39CAA2F for ; Fri, 8 Jul 2005 14:04:18 +1200 (NZST) Date: Fri, 08 Jul 2005 14:04:18 +1200 From: Nick Rout To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Potential Supid question re Grep In-Reply-To: <42CDB2B6.9090307@asmallpond.org> References: <200507071918.27760.mike@thompsonmike.co.uk> <42CDB2B6.9090307@asmallpond.org> Message-Id: <20050708140212.F6EE.NICK@rout.co.nz> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.21 [en] X-Archives-Salt: 6f68cd12-bc23-41b6-b1c7-27d67cd0da71 X-Archives-Hash: 9e3a96a806f0371b03cf1a89f24cae5d On Fri, 08 Jul 2005 00:54:46 +0200 Richard Fish wrote: > Michael Thompson wrote: > > >I am trying to extract information in my logs for a abuse department and am > >using the code: > > > >Code: > > > >zcat /var/log/messages.*?.gz | grep 212.56.68.108 >> /home/mike/abuse1 > > > >The logs are standard: messages.??.gz > > > >However, when I examine the output, it starts on the 1st may, however the logs > >contain details from the 25th Febuary. What am I doing wrong? > > > > > > > > Are you *sure* the February information is not there?? I think this > probably has nothing to do with the grep command, but more with the > shell expansion. When I do "ls -l /var/log/messages.*?.gz", I get the > following: > > -rw------- 1 root root 696588 Feb 21 09:00 /var/log/messages.1.gz > -rw------- 1 root root 795675 Feb 14 15:40 /var/log/messages.2.gz > -rw------- 1 root root 491964 Feb 6 19:00 /var/log/messages.3.gz > -rw------- 1 root root 482189 Jan 31 05:10 /var/log/messages.4.gz > > Notice that the dates are in reverse order. If I were to cat those > together, the oldest information would be at the end. I think you want: > > zcat `ls -rt /var/log/messages.*?.gz` | grep 212.56.68.108 >> > /home/mike/abuse1 another potential problem is that if you have 10 or more rotated log files you will get them in the order: /var/log/messages.1.gz /var/log/messages.10.gz /var/log/messages.2.gz > > -Richard > > -- > gentoo-user@gentoo.org mailing list -- Nick Rout -- gentoo-user@gentoo.org mailing list