On Fri, 08 Jul 2005 00:54:46 +0200
Richard Fish wrote:

> Michael Thompson wrote:
>
> >I am trying to extract information in my logs for an abuse department and am
> >using the code:
> >
> >Code:
> >
> >zcat /var/log/messages.*?.gz | grep 212.56.68.108 >> /home/mike/abuse1
> >
> >The logs are standard: messages.??.gz
> >
> >However, when I examine the output, it starts on the 1st May, however the
> >logs contain details from the 25th February. What am I doing wrong?
> >
>
> Are you *sure* the February information is not there?? I think this
> probably has nothing to do with the grep command, but more with the
> shell expansion. When I do "ls -l /var/log/messages.*?.gz", I get the
> following:
>
> -rw------- 1 root root 696588 Feb 21 09:00 /var/log/messages.1.gz
> -rw------- 1 root root 795675 Feb 14 15:40 /var/log/messages.2.gz
> -rw------- 1 root root 491964 Feb 6 19:00 /var/log/messages.3.gz
> -rw------- 1 root root 482189 Jan 31 05:10 /var/log/messages.4.gz
>
> Notice that the dates are in reverse order. If I were to cat those
> together, the oldest information would be at the end. I think you want:
>
> zcat `ls -rt /var/log/messages.*?.gz` | grep 212.56.68.108 >> /home/mike/abuse1

Another potential problem is that if you have 10 or more rotated log files you will get them in the order:

/var/log/messages.1.gz
/var/log/messages.10.gz
/var/log/messages.2.gz

> -Richard
>
> --
> gentoo-user@gentoo.org mailing list

--
Nick Rout
--
gentoo-user@gentoo.org mailing list
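
Added example, not part of the original thread: one way to address both points raised above (the reverse date order and the lexical ordering once there are 10 or more files) is to sort on the numeric rotation index instead of relying on glob order or mtimes. The function names are hypothetical, and the sketch assumes names of the form <base>.<N>.gz where a higher N is an older file, as in the listing quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes <base>.<N>.gz naming where a
# higher N means an older file (messages.4.gz is older than messages.1.gz).

# Print the rotated files for base path $1, oldest first (highest N first).
rotated_oldest_first() {
    base=$1
    for f in "$base".*.gz; do
        [ -e "$f" ] || continue        # glob matched nothing
        n=${f#"$base".}                # strip "<base>."
        n=${n%.gz}                     # strip ".gz", leaving the index
        case $n in
            ''|*[!0-9]*) continue ;;   # skip non-numeric suffixes
        esac
        printf '%s\t%s\n' "$n" "$f"
    done | sort -t "$(printf '\t')" -k1,1nr | cut -f2-
}

# Print, in chronological order, every line of the rotated files of $1 that
# contains the literal string $2.
#   -F: dots in an IP address are literal, not "any character"
#   -w: do not match inside a longer token such as 212.56.68.1080
grep_rotated() {
    rotated_oldest_first "$1" | while IFS= read -r f; do
        gzip -dc -- "$f"               # same as zcat, but portable
    done | grep -Fw -- "$2"
}

# Usage with the paths from the thread:
#   grep_rotated /var/log/messages 212.56.68.108 >> /home/mike/abuse1
```

Unlike `ls -rt`, this does not depend on file modification times, which change if the logs are copied or restored before the extract is made.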