
I want to extract some information from the access log file that matches a keyword and falls between two dates. For example, I want to find log entries between two dates that contain the text "passwd". For now, I am using the following command but am not getting the correct results:

```
fgrep "passwd" * | awk '$4 >= "[20/Aug/2017" && $4 <= "[22/Aug/2017"'
```

Date format is [22/Feb/2017:17:28:42 +0000].

I have searched and looked at this post too, "extract data from log file in specified range of time", but I do not exactly understand how to use it.

Edits:

Following are the example entries of the access log files:

```
xxx-access_log:xx.xx.xx.xx - - [22/Feb/2017:17:30:02 +0000] "GET /cms/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=/etc/passwd%00 HTTP/1.1" 404 39798
xxx-access_log:xx.xx.xx.xx - - [22/Feb/2017:17:31:12 +0000] "GET /cgi-bin/libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 404 30083
xxx-access_log:xx.xx.xx.xx - - [22/Feb/2017:17:31:19 +0000] "GET /download/libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 404 27982
xxx-access_log:xx.xx.xx.xx - - [22/Feb/2017:17:31:24 +0000] "GET /sites/libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 404 35256
xxx-access_log:xx.xx.xx.xx - - [22/Feb/2017:17:28:32 +0000] "GET /modx/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=/etc/passwd%00 HTTP/1.1" 404 6956
xxx-access_log:xx.xx.xx.xx - - [22/Feb/2017:17:28:42 +0000] "GET /modx/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=/etc/passwd%00 HTTP/1.1" 404 6956
```

Thanks for help in advance!

Anurag
  • Can you provide us an **input** example that contains your pattern? – Shakiba Moshiri Aug 23 '17 at 15:43
  • @k-five I have added example entries of the log file. Can you help now? – Anurag Aug 24 '17 at 04:47
  • On your input data, this one-liner: `perl -lne '$/=undef;print $& if /17:31:12.*(passwd).*17:31:24/smg' file` gets some stuff between two times. You can change them with dates. Is it what you want? | or [see it online](https://regex101.com/r/oufk3A/1) – Shakiba Moshiri Aug 25 '17 at 13:27
  • I want to search between two dates, like all entries between 15 Aug and 20 Aug should show. Also, I am using Ubuntu 14.04 and need shell commands like sed, awk, grep or a combination of two. – Anurag Aug 25 '17 at 13:30
  • You have **perl**, do not worry – Shakiba Moshiri Aug 25 '17 at 13:32

1 Answer

The link you quoted would be used if you know 2 specific strings that appear in your log file. That command will search for the first string and display all lines until it finds the second string and then stops.

In your case, if you want generic date manipulation, you might be better off with perl and one of the date/time modules. Most (if not all) of those have built-in date comparison routines, and many of them will take the date in almost any format imaginable ... and the ones that don't typically provide the ability to specify the date format.

(If you're just using dates and not using times, then Date::EzDate is my favorite, and probably the easiest to learn and implement quickly.)

Shell commands are probably not going to do a good job of date manipulation.

hymie
  • Can you help with a command, as I didn't understand that post in the context of my requirements? Also, as I said, the string to search is "passwd" and entries should be between two given dates. – Anurag Aug 24 '17 at 04:49
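
An added example, not part of the original question or answer: the awk test in the question compares `$4` as a string, so the day of month is compared first and entries from other months or years slip through or get dropped. This sketch converts each `[dd/Mon/yyyy:` stamp to a numeric YYYYMMDD key before comparing. The names `filter_log` and `sample_log`, the YYYYMMDD argument format, and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Usage: filter_log KEYWORD FROM TO [FILE...]
# FROM and TO are inclusive dates written as YYYYMMDD (assumed convention).
# KEYWORD is matched as a fixed string, like fgrep. Reads stdin if no FILE is given.
filter_log() {
    kw=$1 from=$2 to=$3
    shift 3
    awk -v kw="$kw" -v from="$from" -v to="$to" '
    BEGIN {
        # Month abbreviation to month number lookup.
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    index($0, kw) == 0 { next }          # keyword absent: skip the line
    {
        # Locate the timestamp by pattern instead of trusting the field number,
        # so lines with a "filename:" prefix or odd spacing still work.
        if (!match($0, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:/)) next
        split(substr($0, RSTART + 1, 11), p, "/")    # p = dd, Mon, yyyy
        if (!(p[2] in mon)) next                     # unknown month: skip
        key = p[3] * 10000 + mon[p[2]] * 100 + p[1]  # numeric YYYYMMDD
        if (key >= from + 0 && key <= to + 0) print
    }' "$@"
}

# Constructed sample lines (192.0.2.0/24 is a documentation address range).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [22/Feb/2017:17:30:02 +0000] "GET /a.php?p=/etc/passwd%00 HTTP/1.1" 404 39798
192.0.2.10 - - [21/Aug/2016:09:00:00 +0000] "GET /b.php?p=/etc/passwd%00 HTTP/1.1" 404 100
192.0.2.10 - - [21/Aug/2017:10:15:00 +0000] "GET /c.php?p=/etc/passwd%00 HTTP/1.1" 404 200
192.0.2.10 - - [21/Aug/2017:10:16:00 +0000] "GET /index.html HTTP/1.1" 200 300
192.0.2.10 - - [21/Sep/2017:11:00:00 +0000] "GET /d.php?p=/etc/passwd%00 HTTP/1.1" 404 400
EOF
}

# Entries containing "passwd" from 20 Aug 2017 through 22 Aug 2017.
sample_log | filter_log passwd 20170820 20170822
```

On the sample data the string comparison from the question would also return the 21/Aug/2016 and 21/Sep/2017 lines; the numeric key returns only the 21/Aug/2017 request. For real files, pass them as trailing arguments, for example `filter_log passwd 20170820 20170822 *access_log`.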