From owner-freebsd-questions@FreeBSD.ORG Tue Feb 19 22:34:22 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 34A44783 for ; Tue, 19 Feb 2013 22:34:22 +0000 (UTC) (envelope-from bw.mail.lists@gmail.com) Received: from mail-pb0-f45.google.com (mail-pb0-f45.google.com [209.85.160.45]) by mx1.freebsd.org (Postfix) with ESMTP id 04E0FC2B for ; Tue, 19 Feb 2013 22:34:21 +0000 (UTC) Received: by mail-pb0-f45.google.com with SMTP id ro8so2483997pbb.18 for ; Tue, 19 Feb 2013 14:34:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=D4J0JoHYZjTbBZfVkh0+9zm93t8XPSOUdFpUArSgiRs=; b=vTevzsX+OCsTWJXt0lizmQ1kL/uRmsyfDP8wvdqyYIGfXRWix8ChoxZbqtaT24CZc/ fZeW3+X535fPsLOdwCZXfMN0hQHTE1BwW30OyqeeJRmEhjlnJ7lnWHlCiXRXqm6fKmDP o5r8aghiFM/Kr3UH954AYCzmNkgFSJc75PYt6TnRrlvPF6BMbib7JZfy850W5fuWsuJs t5JzcdSmJa9+c33JugMZh8/cpZRN9x72NB6LLfu8Qqpft2s33FIZG8F6PUZi1JeI1B8X GK38xeUuQD2/pEm1Ib2olJX55QYZmullgkdC285g4wLadaFGPv7m9Yd2AFh4KHMg4x9h K7aQ== MIME-Version: 1.0 X-Received: by 10.68.0.129 with SMTP id 1mr44532375pbe.63.1361313261256; Tue, 19 Feb 2013 14:34:21 -0800 (PST) Received: by 10.66.75.202 with HTTP; Tue, 19 Feb 2013 14:34:21 -0800 (PST) Date: Tue, 19 Feb 2013 23:34:21 +0100 Message-ID: Subject: convert date and time to epoch in awk From: b w To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2013 22:34:22 -0000 I want to write a script that parses the last, say, 10 minutes of a log file looking for a certain string, like 'error', or failed', and returns how many times it shows up. The script would be run by Nagios and if it returns > 0 an alert is raised. Each line of the log file starts with a date like 'Feb 19 23:45:32'. One way to do it I guess would be to read each line in a while loop, extract the date, convert it into epoch using the date command, if it's within 10 minutes remember the line somewhere, then grep the result. I was thinking this might be too slow, or there may be too many lines at some point, but it might actually be acceptable if I tail the last few thousands lines. Anyway... Another way would be to use gawk, which has date/time functions like systime() and mktime(). This works fine, but someone like myself at some point will forget to install gawk on a new server and might not realize it untill something happens. So, is there a way to compare two dates in FreeBSD's awk or convert a date to epoch? Or some other fast way to select the last 10 minutes from a log file? An example would be appreciated, if possible.