
Combination of cat and grep Commands to Filter out What We only Want to Show

Cause

I have a log that records all application activity on the server, and each entry includes the request time. At one point I was required to retrieve the log and select only the entries from "25 October 2020" with a request time of "more than 6 seconds".


Example log:

127.0.0.1 - - [25/Oct/2020:12:00:00 +0700] TLSv1.2/ECDHE-RSA-AES256-SHA384 "POST /kitsake/blogspot/com HTTP/1.1" 200 765 0.336 "-" "-" "-" "0.336"
(Image: example output of the log format)

Where:

127.0.0.1 : Sender's IP
[25/Oct/2020:12:00:00 +0700] : date:time:gmt
TLSv1.2/ECDHE-RSA-AES256-SHA384 : TLS Information from the Sender
"POST /kitsake/blogspot/com HTTP/1.1" 200 : Sent with a Status of 200
0.336 "-" "-" "-" "0.336" : Request Time Information, in Seconds


Resolution

From the log we can see the format of each entry, so now we build a command that combines cat (to read the file) with grep (to filter what we want to display).

Command

# cat [filenameoflog] |grep [date/time/gmt] |grep [requesttime]

In this case, I used the request time format "x.xxx". Keep in mind that the quote character (") must also be included in the pattern, because the match is very sensitive. Since we want the logs that took longer than 6 seconds, the pattern is:

"[6-9] = 6,7,8,9 seconds
.[0-9] = 1,2,3,4,5,6,7,8,9 milliseconds
[0-9] = 1,2,3,4,5,6,7,8,9 milliseconds
[0-9]" = 1,2,3,4,5,6,7,8,9 milliseconds

Trying

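OK, let's try with the command below. The one-digit pattern (6 to 9 seconds) and the two-digit pattern go into a single grep -E as alternatives, because a line cannot match both when they are chained as separate greps, and the dot is escaped so that it matches only a literal ".".

# cat kitsake.blogspot.com.log | grep '25/Oct/2020' | grep -E '"([6-9]|[1-9][0-9])\.[0-9][0-9][0-9]"'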
(Image: example output of the log with filtering)
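As an added example (not part of the original post): the same filter done field by field with awk, which compares the request time as a number instead of matching digit patterns and matches the date only in the timestamp field. The function names and the sample lines are constructed for illustration, and "more than 6 seconds" is taken here as strictly greater than 6.

```shell
#!/bin/sh
# Constructed sample lines in the page's log format (not real traffic).
sample_log() {
cat <<'EOF'
127.0.0.1 - - [25/Oct/2020:12:00:00 +0700] TLSv1.2/ECDHE-RSA-AES256-SHA384 "POST /kitsake/blogspot/com HTTP/1.1" 200 765 0.336 "-" "-" "-" "0.336"
127.0.0.1 - - [25/Oct/2020:12:01:10 +0700] TLSv1.2/ECDHE-RSA-AES256-SHA384 "POST /kitsake/blogspot/com HTTP/1.1" 200 765 6.250 "-" "-" "-" "6.250"
127.0.0.1 - - [25/Oct/2020:12:02:20 +0700] TLSv1.2/ECDHE-RSA-AES256-SHA384 "POST /kitsake/blogspot/com HTTP/1.1" 200 765 10.004 "-" "-" "-" "10.004"
127.0.0.1 - - [25/Oct/2020:12:03:30 +0700] TLSv1.2/ECDHE-RSA-AES256-SHA384 "POST /kitsake/blogspot/com HTTP/1.1" 200 765 6.000 "-" "-" "-" "6.000"
127.0.0.1 - - [26/Oct/2020:09:00:00 +0700] TLSv1.2/ECDHE-RSA-AES256-SHA384 "GET /kitsake/blogspot/com?d=25/Oct/2020 HTTP/1.1" 200 765 7.500 "-" "-" "-" "7.500"
EOF
}

# Hypothetical helper. Usage: slow_requests DATE MIN_SECONDS < logfile
# Prints entries logged on DATE whose request time is greater than MIN_SECONDS.
slow_requests() {
    awk -v day="$1" -v min="$2" '
    {
        # Field 4 looks like [25/Oct/2020:12:00:00 ; keep only its date part,
        # so a date that appears in the request path is not matched.
        split(substr($4, 2), ts, ":")
        if (ts[1] != day) next

        # The last field is the quoted request time, for example "0.336".
        t = $NF
        gsub(/"/, "", t)

        # Ignore entries whose last field is not a plain decimal number.
        if (t !~ /^[0-9]+(\.[0-9]+)?$/) next

        # Numeric comparison: works for 6.250, 10.004, 123.456 alike.
        if (t + 0 > min + 0) print
    }'
}

# Demo run on the constructed sample.
sample_log | slow_requests 25/Oct/2020 6
```

On a real file the call would be `slow_requests 25/Oct/2020 6 < kitsake.blogspot.com.log`.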


2 comments for "Combination of cat and grep Commands to Filter out What We only Want to Show"

Invoker Fury 8:43 AM
Thanks bro, it's god damn so fucking good, Really helpful..

Cheers
Bangkit Ade Saputra 9:42 AM
You're Welcome Bro...

Cheers