From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.43)
	id 1DqfII-0004Me-CK
	for garchives@archives.gentoo.org; Thu, 07 Jul 2005 22:56:34 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j67Mtd26008526;
	Thu, 7 Jul 2005 22:55:39 GMT
Received: from smtp104.mail.sc5.yahoo.com (smtp104.mail.sc5.yahoo.com [66.163.169.223])
	by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j67Mpw1D008249
	for <gentoo-user@lists.gentoo.org>; Thu, 7 Jul 2005 22:51:59 GMT
Received: (qmail 62741 invoked from network); 7 Jul 2005 22:52:00 -0000
Received: from unknown (HELO ?192.168.50.105?) (richard?j?fish@212.180.33.26 with plain)
  by smtp104.mail.sc5.yahoo.com with SMTP; 7 Jul 2005 22:52:00 -0000
Message-ID: <42CDB2B6.9090307@asmallpond.org>
Date: Fri, 08 Jul 2005 00:54:46 +0200
From: Richard Fish <bigfish@asmallpond.org>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050623)
X-Accept-Language: en-us, en
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Potential Supid question re Grep
References: <200507071918.27760.mike@thompsonmike.co.uk>
In-Reply-To: <200507071918.27760.mike@thompsonmike.co.uk>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: ec94e9bf-1bdd-4651-9655-4976d7ac8f88
X-Archives-Hash: dee9d673dc1fedad71a3a9dfb53e9a4d

Michael Thompson wrote:

>I am trying to extract information in my logs for a abuse department and am 
>using the code:
>
>Code:
>
>zcat /var/log/messages.*?.gz | grep 212.56.68.108 >> /home/mike/abuse1
>
>The logs are standard: messages.??.gz
>
>However, when I examine the output, it starts on the 1st may, however the logs 
>contain details from the 25th Febuary. What am I doing wrong?
>
>  
>

Are you *sure* the February information is not there??  I think this
probably has nothing to do with the grep command, but more with the
shell expansion.  When I do "ls -l /var/log/messages.*?.gz", I get the
following:

-rw-------  1 root root 696588 Feb 21 09:00 /var/log/messages.1.gz
-rw-------  1 root root 795675 Feb 14 15:40 /var/log/messages.2.gz
-rw-------  1 root root 491964 Feb  6 19:00 /var/log/messages.3.gz
-rw-------  1 root root 482189 Jan 31 05:10 /var/log/messages.4.gz

Notice that the dates are in reverse order.  If I were to cat those
together, the oldest information would be at the end.  I think you want:

zcat `ls -rt /var/log/messages.*?.gz` | grep 212.56.68.108 >>
/home/mike/abuse1

-Richard

-- 
gentoo-user@gentoo.org mailing list