apache2: How do I search for a string in the apache2 error logs within a specific time range?

I have logs like this, and I want to search for the string Form1Debugging from [Sun Oct 01 04:26:29.593869 2017] to [Tue Oct 03 04:26:29.593869 2017]

[Tue Oct 03 04:26:29.593869 2017] [:error] [pid 28464] [client 127.0.0.1:47984] Form1Debugging----- Contact Email ...........

I tried this:

    awk -vDate=`date -d'now-48 hours' +[%d/%b/%Y:%H:%M:%S` '$1 > Date {print Date, $0}' error.log

But this does not give the desired results. Since I have thousands of log entries in these date ranges, I want to search for the string "Form1Debugging", so it should return only the log entries containing that string within the specified time span. How can I do this?

2
asked 4 October 2017 at 11:07

2 answers

I created a simple script based on the suggested answer. The script takes five input variables:

$1 - date from (string from)
$2 - date to (string to)
$3 - the log file, full path and name
$4 - first search string
$5 - second search string

Script contents:

    #!/bin/bash

    # Escape all special characters: "[", "]", ":", " ", "."
    # The arguments are quoted so the shell does not split or glob them first.
    s1="$(echo "$1" | sed -e 's/\[/\\\[/g' -e 's/\]/\\\]/g' -e 's/\:/\\\:/g' -e 's/\ /\\\ /g' -e 's/\./\\\./g')"
    s2="$(echo "$2" | sed -e 's/\[/\\\[/g' -e 's/\]/\\\]/g' -e 's/\:/\\\:/g' -e 's/\ /\\\ /g' -e 's/\./\\\./g')"
    s3="$3"
    s4="$(echo "$4" | sed -e 's/\[/\\\[/g' -e 's/\]/\\\]/g' -e 's/\:/\\\:/g' -e 's/\ /\\\ /g' -e 's/\./\\\./g')"
    s5="$(echo "$5" | sed -e 's/\[/\\\[/g' -e 's/\]/\\\]/g' -e 's/\:/\\\:/g' -e 's/\ /\\\ /g' -e 's/\./\\\./g')"

    # If a second search string is given, match it anywhere after the first one
    [ ! -z "$s5" ] && s5=".*$s5"

    # Crop the log file
    sudo sed -n "/$s1/,/$s2/p" "$s3" | grep --color=always "$s4$s5"

Let's name the script crop-log and place it in /usr/local/bin, so it will be available as a system-wide shell command:

    sudo touch /usr/local/bin/crop-log
    sudo chmod +x /usr/local/bin/crop-log
    sudo nano /usr/local/bin/crop-log

Usage example:

    $ crop-log '[Tue Oct 03 07:35:08.000989 2017]' '04 07:35:07.663281' "/var/log/apache2/error.log"
    [Tue Oct 03 07:35:08.000989 2017] [mpm_prefork:notice] [pid 1622] AH00163: Apache/2.4.18 (Ubuntu) mod_python/3.3.1 Python/2.7.12 OpenSSL/1.0.2g mod_perl/2.0.9 Perl/v5.22.1 configured -- resuming normal operations
    [Tue Oct 03 07:35:08.001011 2017] [core:notice] [pid 1622] AH00094: Command line: '/usr/sbin/apache2'
    [Wed Oct 04 07:35:07.559898 2017] [mpm_prefork:notice] [pid 1622] AH00171: Graceful restart requested, doing restart
    AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message'
    [Wed Oct 04 07:35:07.663176 2017] [:error] [pid 1622] python_init: Python version mismatch, expected '2.7.6', found '2.7.12'.
    [Wed Oct 04 07:35:07.663275 2017] [:error] [pid 1622] python_init: Python executable found '/usr/bin/python'.
    [Wed Oct 04 07:35:07.663281 2017] [:error] [pid 1622] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.

    $ crop-log 'Oct 03 07:35:08' '04 07:35:07.663281' "/var/log/apache2/error.log" "[mpm_prefork:notice]"
    [Tue Oct 03 07:35:08.000989 2017] [mpm_prefork:notice] [pid 1622] AH00163: Apache/2.4.18 (Ubuntu) mod_python/3.3.1 Python/2.7.12 OpenSSL/1.0.2g mod_perl/2.0.9 Perl/v5.22.1 configured -- resuming normal operations
    [Wed Oct 04 07:35:07.559898 2017] [mpm_prefork:notice] [pid 1622] AH00171: Graceful restart requested, doing restart

    $ crop-log '03 07:35:08' 'Oct 04 07:35:07.663281' "/var/log/apache2/error.log" "[mpm_prefork:notice]" "AH00171:"
    [Wed Oct 04 07:35:07.559898 2017] [mpm_prefork:notice] [pid 1622] AH00171: Graceful restart requested, doing restart

    $ crop-log '-H--' '-Z--' "/var/log/apache2/modsec_audit.log" '[id \"'
    Message: Access denied with redirection to https://www.youtube.com/watch?v=gLmcGkvJ-e0 using status 302 (phase 2). Match of "ipMatchFromFile /web-security/modsecurity-ip-white.list" against "REMOTE_ADDR" required. [file "/etc/apache2/mods-enabled/security2.conf"] [line "73"] [id "150"]
    Message: Access denied with redirection to https://www.youtube.com/watch?v=nb2evY0kmpQ using status 302 (phase 2). Match of "ipMatchFromFile /web-security/modsecurity-ip-white.list" against "REMOTE_ADDR" required. [file "/etc/apache2/mods-enabled/security2.conf"] [line "73"] [id "150"]
    Message: Access denied with redirection to https://www.youtube.com/watch?v=z9Uz1icjwrM using status 302 (phase 2). Match of "ipMatchFromFile /web-security/modsecurity-ip-white.list" against "REMOTE_ADDR" required. [file "/etc/apache2/mods-enabled/security2.conf"] [line "73"] [id "150"]

1
answered 18 July 2018 at 05:48
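
The sed range in the script above runs from the first line matching the start string to the first line matching the end string, so it depends on both strings occurring in the log. As an added example (not part of the original answer), the function below compares parsed timestamps instead and matches the search text literally. The names errlog_between and sample_log and the log lines are constructed for illustration, and the bounds are assumed to be given as 'YYYY-MM-DD HH:MM:SS' with whole-second resolution.

```shell
#!/bin/sh
# Added example: select Apache error-log lines by parsed time and literal text.
# errlog_between, sample_log and the log lines below are constructed.

# usage: errlog_between 'YYYY-MM-DD HH:MM:SS' 'YYYY-MM-DD HH:MM:SS' text [file]
errlog_between() {
    # Values travel via the environment: awk -v would expand backslashes in them.
    FROM="$1" TO="$2" NEEDLE="$3" awk '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = sprintf("%02d", i)
        key = ""
    }
    # "[Dow Mon DD HH:MM:SS(.usec) YYYY]" at line start: build a sortable key
    /^\[[A-Z][a-z][a-z] [A-Z][a-z][a-z] [0-9][0-9] [0-9:.]+ [0-9][0-9][0-9][0-9]\]/ {
        key = substr($5, 1, 4) "-" mon[$2] "-" $3 " " substr($4, 1, 8)
    }
    # Lines without a timestamp keep the key of the entry they follow.
    # index() is a plain substring test, so "[" or "." need no escaping.
    key != "" && key >= ENVIRON["FROM"] && key <= ENVIRON["TO"] &&
        index($0, ENVIRON["NEEDLE"]) > 0
    ' "${4:--}"
}

# Constructed sample log; neither range boundary occurs in it verbatim.
sample_log() {
    cat <<'EOF'
[Sat Sep 30 23:59:59.000001 2017] [:error] [pid 100] [client 127.0.0.1:40000] Form1Debugging----- before range
[Sun Oct 01 04:26:30.000000 2017] [:error] [pid 100] [client 127.0.0.1:40001] Form1Debugging----- Contact Email a
Form1Debugging continuation line without its own timestamp
[Mon Oct 02 12:00:00.000000 2017] [core:notice] [pid 100] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 03 04:26:29.593869 2017] [:error] [pid 100] [client 127.0.0.1:47984] Form1Debugging----- Contact Email b
[Tue Oct 03 04:26:30.000000 2017] [:error] [pid 100] [client 127.0.0.1:47985] Form1Debugging----- after range
EOF
}

sample_log | errlog_between '2017-10-01 04:26:29' '2017-10-03 04:26:29' 'Form1Debugging'
```
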
