4

I have a server that I cannot access the log files directly. For security reasons, access to the logs is via a script that executes the less command.

The contents of the log file are similar to:

08:03:52,143 DEBUG sessionid1111111 [za.co.phuthib.Service1] (http-/0.0.0.0:8905-4) initialiseProperties(): currentDate: 20160812
08:03:52,143 DEBUG sessionid1111111 [za.co.phuthib.Service1] (http-/0.0.0.0:8905-4) cached object found
08:03:52,143 INFO  sessionid1111111 [za.co.phuthib.Service2] (http-/0.0.0.0:8905-4) passphrase: 243989895859385938394583945839548983423488234
08:03:52,143 INFO  sessionid1111111 [za.co.phuthib.Service2] (http-/0.0.0.0:8905-4) chanellID: [CHANNELID]
08:03:52,144 INFO  sessionid1111111 [za.co.phuthib.Service3] (http-/0.0.0.0:8905-4) POST: /za/co/phuthib/retrieveProductList/
08:03:52,144 INFO  sessionid1111111 [za.co.phuthib.Service3] (http-/0.0.0.0:8905-4) Input: {"id":"3989349"}
08:03:52,812 INFO  sessionid1111111 [za.co.phuthib.Service3] (http-/0.0.0.0:8905-4) Response code [200 OK])

The server accepts many requests from many users and as such one needs to search through the file to find the information they need.

I am able to search for sessionid1111111 and am also able to search for za.co.phuthib.Service3 independantly.

I am trying to search for za.co.phuthib.Service3 and sessionid1111111. I tried it with regular expressions but cannot seem to get it working, for example:

/sessionid1111111[\s]Service3
Sato Katsura
  • 3,066
  • 15
  • 21
Phuthib
  • 1,326
  • 2
  • 13
  • 20
  • 1
    Do you mean something like `/\vsessionid1+ +\[za\.co\.phuthib\.Service3\]`? – Wiktor Stribiżew Aug 12 '16 at 09:38
  • 1
    Or `:g/sessionid1111111//Service3` ? – dNitro Aug 12 '16 at 09:48
  • Wiktor Stribiżew Thank you I can get the results I want with this approach. dNitro, your solution is more elegant and I would prefer that as its easier to remember but I cannot get it working – Phuthib Aug 12 '16 at 09:53
  • Did you notice that its a **command** and not a **regex**?!!! It simply selects all lines that includes *sessionid1111111* and search for *Service3* by this lines through `/Service3`. – dNitro Aug 12 '16 at 10:01
  • Mind that *elegant* does not always mean *precise*. However, if you search for literals, you really should be using a command like dNitro's one, and it is working. – Wiktor Stribiżew Aug 12 '16 at 10:08
  • I think I'm missing something. When I do :g in the less command gives me a prompt – Phuthib Aug 12 '16 at 10:32
  • 1
    Try `/sessionid1111111.*Service3`. `[\s]` matches just a single whitespace character. – Barmar Aug 12 '16 at 10:35
  • Thank you Barmar, that works perfectly and easy to remember as well – Phuthib Aug 12 '16 at 10:44
  • @Phuthib: But with `.*` you will match *any* line that contains sessionid1111111` and `Service3` even if the `Service3` is not part of the `phuthib` value in the square brackets. Can you afford your pattern to be that imprecise? – Wiktor Stribiżew Aug 12 '16 at 11:51
  • My objective is to identify Service3 calls made by sessionid1111111. This works well for the case. I was also able to run it with /sessionid1111111.*za\.co\.phuthib\.Service3 to add some precission – Phuthib Aug 12 '16 at 11:58

1 Answers1

1

The regex pattern that is precise (will match only the Service3 in the [...] with phuthib inside:

sessionid1111111 +\[za\.co\.phuthib\.Service3]

Note that here, + matches 1 or more spaces, \[ matches a literal [ and a \. matches a literal ..

If you do not need that level of precision, just use

sessionid1111111.*Service3

or a shorter

sessionid1{7}.*Service3

Where .* matches 0+ chars, as many as possible, and 1{7} matches seven consecutive 1 chars.

Note that sessionid1{7}.*Service3 will also find a match in sessionid111111111122234567 [za.co.phuthib.Service1] (http-/0.0.0.0:8905-4) Input: {"name":"Service3"}, that is why I strongly recommend making your pattern as precise as can be.

Wiktor Stribiżew
  • 607,720
  • 39
  • 448
  • 563
  • With more experience now, I now usually use the none greedy version: sessionid1111111.*?Service3 The ? character will return the first occurring Service3 after sessionid1111111 – Phuthib Feb 27 '18 at 06:28
  • 1
    @Phuthib Congratulations. Lazy and greedy quantifiers are actually [a very well known topic here](https://stackoverflow.com/questions/2301285/what-do-lazy-and-greedy-mean-in-the-context-of-regular-expressions). Common dupes for the questions sounding "why does my pattern match to the last occurrence..." are [this one](https://stackoverflow.com/questions/22444/) and [this one](https://stackoverflow.com/questions/2503413). Now, time to learn [tempered greedy token](http://stackoverflow.com/questions/24640154/). More info on [tempered greedy token](https://stackoverflow.com/questions/30900794). – Wiktor Stribiżew Feb 27 '18 at 07:37