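About log auditing
Date: 2010-09-19
Source: Internet
I want to write something that checks whether a given string appears in a log within a certain period of time. The log looks like this: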
Sep 19 09:39:19 localhost kernel: imklog 3.22.1, log source = /proc/kmsg started.
Sep 19 09:39:19 localhost rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="1565" x-info="http://www.rsyslog.com"] (re)start
Sep 19 09:47:36 localhost firefox: gethostby*.getanswer: asked for "vod.lzu.edu.cn.localdomain", got "wx.redirect.local"
Sep 19 09:47:36 localhost firefox: gethostby*.getanswer: asked for "vod.lzu.edu.cn", got "wx.redirect.local"
Sep 19 11:47:51 localhost kernel: npviewer.bin[7338] general protection ip:116f57c sp:bfddc9c0 error:0 in libflashplayer.so[dfd000+994000]
Sep 19 11:48:10 localhost firefox: gethostby*.getanswer: asked for "vod.lzu.edu.cn", got "wx.redirect.local"
Sep 19 11:49:25 localhost firefox: gethostby*.getanswer: asked for "vod.lzu.edu.cn", got "wx.redirect.local"
Sep 19 11:49:25 localhost firefox: gethostby*.getanswer: asked for "vod.lzu.edu.cn", got "wx.redirect.local"
Sep 19 12:28:35 localhost kernel: npviewer.bin[15863] general protection ip:116f57c sp:bfd1c2c0 error:0 in libflashplayer.so[dfd000+994000]
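Basically, I need to specify the log to process, the start and end times, and the string, then check whether that string appears in the log entries within that period; returning true or false is enough. I'm a beginner and don't know how to handle the time part, so if anyone can help, I'd appreciate it.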
Author: 猪鼻插葱 Posted: 2010-09-19
Here is a piece of pseudocode:
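#!/usr/bin/perl
use strict;
use warnings;

sub checktime {
    # Use this function to check whether the time is within the range: return 1 if it is, 0 if it is not.
    # The requirements are not very clear, so the actual comparison is left blank here; please fill it in yourself, heh.
    my ($time) = @_;
    return 1;    # placeholder so the script runs: treats every time as in range
}

my $flag = 'false';
my $logfile = '日志文件路径';    # placeholder: path to the log file
open my $fh, '<', $logfile or die "cannot open $logfile: $!";
while (my $line = <$fh>) {
    if ($line =~ /^(.+?:\d\d:\d\d)/) {
        my $result = checktime($1);    # $1 holds the time here, e.g. Sep 19 12:28:35
        if ($result > 0 && $line =~ /关键字/) {    # 关键字 is a placeholder for the keyword
            $flag = 'true';
            last;    # one match is enough, stop reading
        }
    }
}
close $fh;
print "$flag\n";    # 'return' is only valid inside a sub, so print the result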
Author: 珞水的大叔 Posted: 2010-09-19
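One way to fill in the time comparison the answer leaves open, added here as an example (not code from either poster): each syslog timestamp is converted to epoch seconds and compared numerically against the window, and the string is matched literally. The names stamp_to_epoch and log_contains are hypothetical, and the year 2010 passed by the caller is an assumption, because the log lines carry no year.

```perl
use strict;
use warnings;
use Time::Local qw(timelocal);

my %MON = (Jan=>0, Feb=>1, Mar=>2, Apr=>3, May=>4, Jun=>5,
           Jul=>6, Aug=>7, Sep=>8, Oct=>9, Nov=>10, Dec=>11);

# Convert "Sep 19 12:28:35" to epoch seconds. Syslog stamps carry no year,
# so the caller supplies one (assumption). Returns undef if unparsable.
sub stamp_to_epoch {
    my ($stamp, $year) = @_;
    my ($mon, $day, $h, $m, $s) =
        $stamp =~ /^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d\d):(\d\d):(\d\d)/
        or return;
    return unless exists $MON{$mon};
    return eval { timelocal($s, $m, $h, $day, $MON{$mon}, $year) };
}

# Return 1 if a line stamped within [$from, $to] contains $needle, else 0.
# index() matches literally, so "gethostby*.getanswer" is not a pattern.
sub log_contains {
    my ($fh, $from, $to, $needle, $year) = @_;
    my $t0 = stamp_to_epoch($from, $year);
    my $t1 = stamp_to_epoch($to, $year);
    die "bad time range\n" unless defined $t0 && defined $t1 && $t0 <= $t1;
    while (my $line = <$fh>) {
        my $t = stamp_to_epoch($line, $year);
        next unless defined $t;          # skip lines without a timestamp
        next if $t < $t0 || $t > $t1;    # outside the requested window
        return 1 if index($line, $needle) >= 0;
    }
    return 0;
}

# Sample lines copied from the log in the question; year 2010 is assumed.
my $sample = <<'LOG';
Sep 19 09:47:36 localhost firefox: gethostby*.getanswer: asked for "vod.lzu.edu.cn", got "wx.redirect.local"
Sep 19 11:47:51 localhost kernel: npviewer.bin[7338] general protection ip:116f57c sp:bfddc9c0 error:0 in libflashplayer.so[dfd000+994000]
Sep 19 12:28:35 localhost kernel: npviewer.bin[15863] general protection ip:116f57c sp:bfd1c2c0 error:0 in libflashplayer.so[dfd000+994000]
LOG

for my $case (
    ['Sep 19 11:00:00', 'Sep 19 12:00:00', 'npviewer.bin[7338]'],
    ['Sep 19 11:00:00', 'Sep 19 12:00:00', 'gethostby*.getanswer'],
) {
    open my $fh, '<', \$sample or die "cannot open sample: $!";
    my $found = log_contains($fh, @$case, 2010);
    print "$case->[2]: ", ($found ? 'true' : 'false'), "\n";
}
```

A log that spans a year boundary needs the year chosen per line, since a fixed year would order December entries after the following January.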