Grepping a date/time range within a log file...

Hi,

I've got a new project where I need to identify messages in a log file that occur every morning between 0230 and 0300 and then append this info to another file that I am monitoring using BMC Patrol. I have done this kind of extensive grep before so I am hoping that I can get some help. I am running this on SunOS 5.10 Generic using the standard system grep command. The layout of the file looks like this:

02-18-2008 02:23:32 INFO com.fred.flintstone.log.Log - some message

So in this case everything on 2/18 from 0230 to 0300 needs to be pulled from the main log and appended to a different log file elsewhere on the box. If anyone has any suggestions on the best syntax on how to grab everything on that specific range that would be a big help.

Thanks,

Jon

I'd create a variable with the date in the right format, then use that and append any needed time component to it for the grep (probably a grep -e or egrep). One question - is it up to or up to and including 03:00?
so - 02:30-02:59 or 02:30-03:00 that you need?

For the sake of making the search the easiest we'll say up to but not including 0300. What I am looking for is the syntax needed to make searching within this range possible. I was thinking the same thing you were regarding the variable because of the difference in the way the OS normally displays the date and time but I am lost on how to search within a range (never done that before )

Thanks,

J.

The simple answer is cheat!
We know the date is 'fixed' in the variable, and we know the hours is always going to be 02:<something> so all we need worry about is the <something> and that, to cover times from 02:30 to 02:59 needs just be 3, 4, or 5.
Thus, look into a regexp that will find "<date in your format> 02:[345]" as the start of a line, and you are done and dusted.

Thank-you sooo much that completely works for what I am doing with it Now just one more question:

What if I were to want to be able to grep multiple hours so per the original request let's say I needed to also include 0300 as part of the range, how would the search string change? I mean what would the new search look like?

Thanks man,

J.

Ok, well the start part, being the date would remain the same - let us hope!, so we are on to a good start here.
Then we'd need to make the hour component a variable like was done with the date - populating it with "02" in the first instance, along with the minutes part of "[345]" - all as before.

To roll in a new time to check, just chnage th ehour variable - to in the case - "03" and the minutes to match. If you wanted to capture 03:00-03:09 your just put "0" in the minutes variable, if you only wanted 03:00 your put "00" in.