Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to select the content with sed in linux shell

Tags:

regex

shell

sed

awk

In my project, I have a linux file: audit_check.log

The content of audit_check.log is like:

2019-01-08 15:09:32,root     pts/0        2019-01-08 11:30 ,root,vm1, 3111  sh keycmd.sh ,/root/USER_CD
2019-01-08 15:09:40,root     pts/0        2019-01-08 11:30 ,root,vm1, 3112  cat /tmp/keycmdtmp.log ,/root/USER_CD
2019-01-08 15:10:30,root     pts/0        2019-01-08 11:30 ,root,vm1, 3115  cat /var/log/audit_check.log,/root/USER_CD
2019-01-08 15:10:51,root     pts/0        2019-01-08 11:30 ,root,vm1, 3116  echo yang > xie,/root/USER_CD
2019-01-08 15:10:54,root     pts/0        2019-01-08 11:30 ,root,vm1, 3117  rm -rf xie,/root/USER_CD
2019-01-08 15:10:56,root     pts/0        2019-01-08 11:30 ,root,vm1, 3118  sh keycmd.sh ,/root/USER_CD
2019-01-08 15:11:35,root     pts/0        2019-01-08 11:30 ,root,vm1, 3119  vi keycmd.sh ,/root/USER_CD
2019-01-08 15:11:39,root     pts/0        2019-01-08 11:30 ,root,vm1, 3120  sh keycmd.sh ,/root/USER_CD
2019-01-08 15:11:39,root     pts/0        2019-01-08 15:09 ,root,vm1, 3120  rm keycmd.sh ,/root/USER_CD
2019-01-08 15:12:39,root     pts/0        2019-01-08 11:30 ,root,vm1, 3120  rm keycmd.sh ,/root/USER_CD

Now, I want to select all lines in the same minute.

for example, when timestr is:

2019-01-08 15:09

the correct result should be:

2019-01-08 15:09:32,root     pts/0        2019-01-08 11:30 ,root,vm1, 3111  sh keycmd.sh ,/root/USER_CD
2019-01-08 15:09:40,root     pts/0        2019-01-08 11:30 ,root,vm1, 3112  cat /tmp/keycmdtmp.log ,/root/USER_CD

But the line:

2019-01-08 15:11:39,root     pts/0        2019-01-08 15:09 ,root,vm1, 3120  rm keycmd.sh ,/root/USER_CD

is exclude in result.

I have tried:

timestr=`date +%Y-%m-%d" "%H:%M`

 sed -n '/^$timestr/p' /var/log/audit_check.log  > /tmp/keycmdtmp.log

but /tmp/keycmdtmp.log is empty. When i remove "^" like:

timestr=`date +%Y-%m-%d" "%H:%M`

sed -n '/$timestr/p' /var/log/audit_check.log  > /tmp/keycmdtmp.log

the result is changed to :

2019-01-08 15:09:32,root     pts/0        2019-01-08 11:30 ,root,vm1, 3111  sh keycmd.sh ,/root/USER_CD
2019-01-08 15:09:40,root     pts/0        2019-01-08 11:30 ,root,vm1, 3112  cat /tmp/keycmdtmp.log ,/root/USER_CD
2019-01-08 15:11:39,root     pts/0        2019-01-08 15:09 ,root,vm1, 3120  rm keycmd.sh ,/root/USER_CD

It seems nothing wrong, who can help me?
like image 357
stack Avatar asked Nov 18 '25 08:11

stack

1 Answers

This is better suited for awk:

awk -F, -v dt="$(date '+%Y-%m-%d %H:%M')" '$1 ~ dt' file


2019-01-08 15:09:32,root     pts/0        2019-01-08 11:30 ,root,vm1, 3111  sh keycmd.sh ,/root/USER_CD
2019-01-08 15:09:40,root     pts/0        2019-01-08 11:30 ,root,vm1, 3112  cat /tmp/keycmdtmp.log ,/root/USER_CD
like image 74
anubhava Avatar answered Nov 20 '25 23:11

anubhava
Sign in to Comment

Related questions

I used a regular expression to restrict the numbers only between 3.00 to 100.00.But it was allowing the numbers between 100.01 to 100.99
Find a word not proceeded by another word
Regex to match {12} digit number & other pattern, multiline, when any characters can be between them
regex to match a string without whitespaces between two #
split a string only if it contains multiple year in it and make a custom string
How would I match a string that may or may not span multiple lines?
Closest number in string to specific phrase
reading regular expression for beginner

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!