0

i making a script in python for reading the last 5 minutes of a log file, this is my code so far

from datetime import datetime, timedelta

now = datetime.now()
before = timedelta(minutes=5)
now = now.replace(microsecond=0)
before = (now-before)
now = (now.strftime("%b %d %X"))
before = (before.strftime("%b %d %X"))
print(before)
print(now)

with open('user.log','r') as f:
    for line in f:
        if before in line:
            break

    for line in f:
        if now in line:
            break
        print (line.strip())

the output is Sep 03 11:47:25 Sep 03 11:52:25 which is the print to check if the time is correct, nearly 100 lines in the log that has it but dont bring me nothing, if i take the ifs out then print all the lines which proves the problem is on the if...

any ideas?

here is a exemple of my log file content:

Sep 03 10:18:47 bni..........teagagfaesa.....
Sep 03 10:18:48 bni..........teagagfaesa.....2
LastDeath
  • 13
  • 5
  • Python 2.6 was released October 2008. You *really* should be thinking about a platform upgrade, probably to Python 3 which is the currently recommended and supported version of the language. – tripleee Sep 03 '18 at 15:22
  • yeah sry i dont explained, python on my machine is 3.6 but i need to use python on a machine that i cant upgrade and since i cant upgrade from 2.6 i need to tried with this version or via shell/bash, i have 3.4 also on another machine that i can ssh remote to execute, the problem is not the version since i testing on both versions – LastDeath Sep 03 '18 at 15:46
  • The fundamental flaw is that building a static string of the timestamp will only work if the log contains an entry at exactly that time. You need to go the other way around, convert each log line's timestamp to a machine-readable representation and then you can trivially compare to the cutoff. – tripleee Sep 03 '18 at 15:48
  • If you're not particularly hellbent on solving this in (paleolithic) Python, possible duplicate of https://stackoverflow.com/questions/7706095/filter-log-file-entries-based-on-date-range – tripleee Sep 03 '18 at 15:51
  • im not that good on shell awk -vDate=`date -d'now-5 minutes' +[%d/%b/%Y:%H:%M:%S` ' { if ($0 > Date) print Date FS $0}' access.log ok i tried this command to print the whole line the problem is that i dont get the "tail" -5 minutes i get all everything else from 10am to 8pm – LastDeath Sep 03 '18 at 15:57
  • That's reimplementing the same error in Awk. Just `print` prints the whole line if that's what you want; but the logic is deeply flawed in that comparing dates (in particular in a wacky format like that) doesn't do what you hope. – tripleee Sep 03 '18 at 16:02
  • yeah then is no good for me. i need to find a way to fix the before and now then cause the if looks like its not reading correct. any other idea how to find only the last 5 minutes of a log file? via shell/bash,python anything if i cant fix today i will start to go further from what was ask me to do with what i can – LastDeath Sep 03 '18 at 16:14
  • I repeat, Awk (or Python) is fine *if you do the right motions* but you're not doing that. Anyway, see my answer now. – tripleee Sep 03 '18 at 16:22

1 Answers1

0

I managed to find a Python even older than yours.

#!/usr/bin/env python

from __future__ import with_statement
from datetime import datetime, timedelta

before = timedelta(minutes=5)
now = datetime.now().replace(microsecond=0, year=1900)
before = (now-before)

with open('user.log','r') as f:
    for line in f:
        if datetime.strptime(line[0:15], '%b %d %X') < before:
            continue
        print line.strip()

The change compared to your code is that we convert each time stamp from the file into a datetime object; then we can trivially compare these properly machine-readable representations the way you'd expect (whereas without parsing the dates, it can't work, except by chance -- "Sep" comes after "Aug" but "Sep" comes after "Oct", too; so it seems to work if you run it in a suitable month, but then breaks the next month!)

The year=1900 hack is because strptime() defaults to year 1900 for inputs which don't have a year.

tripleee
  • 175,061
  • 34
  • 275
  • 318
  • tried but gave me a empy return on screen, i remove the continue just to check and prints everything – LastDeath Sep 03 '18 at 16:25
  • I tested it on local log files and it behaves according to my expectations. Are your logs in UTC by any chance? What do you expect to print? Maybe add a debug print before the `continue` to see what it's skipping. – tripleee Sep 03 '18 at 16:28
  • sorry never debbug before so for my its greek,so by debbuging on my vm that has py2.6 its stuck on Intervalo.py(10)() -> if datetime.strptime(line[0:15], '%b %d %X') < before: it keeps going on the 12 interaction and then resets to the 10 interaction of for – LastDeath Sep 03 '18 at 16:48
  • Its not on UTC, i expect to print all the lines from ex:10:10:00 to 10:15:00 , i have a copy of a log that contains a whole day worth of data so 00:00 to 23:59, i only cut to 10+ hours, every line has up to 5 error msgs i will use zabbix to control the execution and manipulation of the data – LastDeath Sep 03 '18 at 16:57
  • You don't need a debugger, just add a print of the parsed date so you can see why it's skipping those lines. If you have never programmed before, I'm afraid you are in way over your head. If you still can't solve this, probably post a new question with *precisely* the code you are running and *precisely* some log lines, some of which should be printed, and some not. See also the [mcve] guidance from the [help]. – tripleee Sep 03 '18 at 17:07