bash 如何在特定时间范围内grep一组文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20308053/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to grep a group of files within a specific time range
提问by Steve
I'm trying to write a script used on a buffer box that does full packet capture of network traffic. As it's for a fairly big network we split the captures into 100MB segments. At times of high network traffic oftentimes over a one minute period we will have multiple pcaps which cover that period.
我正在尝试编写一个用于对网络流量进行完整数据包捕获的缓冲盒上使用的脚本。由于这是一个相当大的网络,我们将捕获分成 100MB 的段。在网络流量高的时候,通常在一分钟内,我们会有多个 pcaps 来覆盖那个时期。
So what I want to do is have a bash script that lets the analyst who is searching for something specify a date and time and how many minutes either side of it they want to search for files. Obviously I can do something like this -
所以我想要做的是有一个 bash 脚本,让正在搜索某些内容的分析师指定日期和时间,以及他们想要搜索文件的时间和时间。显然我可以做这样的事情 -
ls -al | grep "Dec 1" | grep 02:00
ls -al | grep "Dec 1" | grep 02:01
and so on, get each result and grep each file individually for the specific keyword I'm looking for, but I'd like to be able to do a wider search for all files created within a time range and then grep each of them for the keyword.
依此类推,获取每个结果并针对我正在查找的特定关键字分别对每个文件进行 grep,但我希望能够对在时间范围内创建的所有文件进行更广泛的搜索,然后对每个文件进行 grep关键字。
I'm not entirely sure how to do that, any help would be appreciated.
我不完全确定如何做到这一点,任何帮助将不胜感激。
采纳答案by Steve
find . -maxdepth 1 -newermt "2013-10-28 00:00:00" ! -newermt "2013-10-29 00:00:00"
回答by Armali
What I want is for an analyst to say 1st December at 11:00am with a keyword of "foo" searching 5 minutes either side. The script should find all files created between 10:55am and 11:05am and grep them for the keyword "foo"
我想要的是分析师在 12 月 1 日上午 11:00 使用关键字“foo”在两边搜索 5 分钟。该脚本应查找在上午 10:55 到上午 11:05 之间创建的所有文件,并针对关键字“foo”对它们进行 grep
This script uses touch -dto create temporary files with time stamps of the start and end of the time range, because older versions of findhave the option -neweronly, not -newermt, and touch -dconveniently allows using the given time specification (with little modification) with the minutes adjustment. The necessary modifications to the given date are done with sedand consist of moving the day after the month and removing suffixes as stor ndas well as the word at.
该脚本用于touch -d创建带有时间范围开始和结束时间戳的临时文件,因为旧版本只有find选项-newer,没有-newermt,并且touch -d方便地允许使用给定的时间规范(几乎没有修改)和分钟调整。对给定日期进行必要的修改sed,包括移动月份后的第二天并删除后缀为st或nd以及单词at。
read -p'date and time: ' dat
read -p'+/- minutes: ' min
read -p'keyword: ' key
dat=`sed 's/\([0-9]\+\)\(st\|nd\|rd\|th\|\) \([^ ]*\)/ /; s/at //' <<<$dat`
touch -d"$dat $min min" /tmp/to
touch -d"$dat -$min min" /tmp/from
find . -type f -newer /tmp/from ! -newer /tmp/to | xargs grep "$key"
rm /tmp/from /tmp/to
回答by vangelion
Check out findwith the -cminor -ctimearguments.
find使用-cminor-ctime参数检查。
So,
所以,
find -iname "*.log" -mtime +30 -mtime -90 -exec grep plasma {} \;
, would find files ending in ".log" which were modified greater than 30 days ago, but less than 90 days, then run said file through greplooking for the word "plasma".
, 会找到以“.log”结尾的文件,这些文件在 30 天之前修改过但少于 90 天,然后通过grep查找“等离子”一词来运行所述文件。
回答by jim mcnamara
Say you want 20131130 from 0100 to 0130 - This does that with find:
假设您想要从 0100 到 0130 的 20131130 - 这可以通过 find 实现:
touch -t 201311300100 dummy1
touch -t 201311300130 dummy2
find /path/to/logs type -f \( -newer dummy1 -a ! -newer dummy2 \) -name '*.log'
the 201311300100 bit is a touch timestring. I posted the most vanilla version I know because of the UNIX tag....
201311300100 位是一个触摸时间串。由于 UNIX 标签,我发布了我所知道的最普通的版本......
