Date: Tue, 19 Feb 2013 23:34:21 +0100 From: b w <bw.mail.lists@gmail.com> To: freebsd-questions@freebsd.org Subject: convert date and time to epoch in awk Message-ID: <CAHM0YgvadWLRUNvyQzTj0b=YkfZAyzRRCTEyjByqXM9yXsynhg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I want to write a script that parses the last, say, 10 minutes of a log file looking for a certain string, like 'error', or failed', and returns how many times it shows up. The script would be run by Nagios and if it returns > 0 an alert is raised. Each line of the log file starts with a date like 'Feb 19 23:45:32'. One way to do it I guess would be to read each line in a while loop, extract the date, convert it into epoch using the date command, if it's within 10 minutes remember the line somewhere, then grep the result. I was thinking this might be too slow, or there may be too many lines at some point, but it might actually be acceptable if I tail the last few thousands lines. Anyway... Another way would be to use gawk, which has date/time functions like systime() and mktime(). This works fine, but someone like myself at some point will forget to install gawk on a new server and might not realize it untill something happens. So, is there a way to compare two dates in FreeBSD's awk or convert a date to epoch? Or some other fast way to select the last 10 minutes from a log file? An example would be appreciated, if possible.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHM0YgvadWLRUNvyQzTj0b=YkfZAyzRRCTEyjByqXM9yXsynhg>