我想查看特定时间(即10:00至13:00)的日志。
- 操作系统:redhat 6
- 日志:/ var / log / messages
- 时间戳:11月10日10:00至13:00
我已经尝试过以下命令,但是没有运气:
sed -n '/Nov 10 10:00:01/,/Nov 10 13:30:09/p' /var/log/messages
获取特定时间的/ var / log / mesages
•
问答
loveniba 回答:获取特定时间的/ var / log / mesages
您可以使用awk轻松做到这一点:
[root@test httpd]# cat /var/log/messages |awk '$0>="Nov 11 00:26:00" && $0<="Nov 11 00:28:00"'
Nov 11 00:26:15 test named[3224]: REFUSED unexpected RCODE resolving '30.145.232.49.in-addr.arpa/PTR/IN': 58.129.247.39#53
Nov 11 00:26:16 test named[3224]: REFUSED unexpected RCODE resolving '30.145.232.49.in-addr.arpa/PTR/IN': 211.153.19.1#53
Nov 11 00:26:16 test named[3224]: REFUSED unexpected RCODE resolving '30.145.232.49.in-addr.arpa/PTR/IN': 58.129.247.39#53
Nov 11 00:26:16 test named[3224]: REFUSED unexpected RCODE resolving '30.145.232.49.in-addr.arpa/PTR/IN': 211.153.19.1#53
Nov 11 00:26:36 test script.sh: sending incremental file list
Nov 11 00:26:36 test script.sh: trace-2019-11-11-00-25-16-1573424716.pcap
Nov 11 00:26:38 test script.sh: sent 6,979,522 bytes received 43 bytes 1,994,161.43 bytes/sec
Nov 11 00:26:38 test script.sh: total size is 6,977,686 speedup is 1.00
Nov 11 00:27:39 test script.sh: sending incremental file list
Nov 11 00:27:39 test script.sh: trace-2019-11-11-00-26-16-1573424776.pcap
Nov 11 00:27:41 test script.sh: sent 6,817,012 bytes received 43 bytes 2,726,822.00 bytes/sec
Nov 11 00:27:41 test script.sh: total size is 6,815,216 speedup is 1.00
[root@test httpd]#