Code:
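awk -v now="$(date +%s)" -v tDiff="${AMINUTES}" '
BEGIN {
    FS="="
    if (!now) now=systime()       # fall back to the current epoch time
    if (!tDiff) tDiff=60*60       # default window: one hour, in seconds
    p=1
}
# "{" opens a record: start buffering it and assume it will be printed
/{/ {rec=$0;p=1;next}
# "}" closes a record: print the buffered record if it is still marked recent
/}/ && rec && p {print rec ORS $0;next}
# entry_time=<epoch>: mark the record as too old when it falls outside the window
$1=="entry_time" { if (now-$2>tDiff)p=0 }
# every line that reaches here (entry_time included) is appended to the record
{rec=rec ORS $0}' "${1}"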
the below code is very fast. it was built for something else but i'd like to be able to tweak it to do what i want to do.
what i need to do is read a system log file which is about 40MB huge. i want to pull out the last 10 minutes worth of information from the log.
my problem is, for a log file that big, records may be in there which may be a year or more old.
for instance, if i wanted to grab the last 10 minutes from a log, a variation of the following command can be used:
Code:
awk '/Jan 16 10:20/,0' /var/log/mail.log
any help will be much appreciated.
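One way to do what the post asks, as an added example that is not part of the original post: read the log newest-first and stop at the first line outside the window, so a 40MB file is never scanned in full and year-old entries carrying the same month and day are never reached. It assumes GNU `date` and `tac`, a chronologically appended file, and lines that begin with the classic syslog `Mon dd HH:MM:SS` stamp; the function name `last_minutes` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: print the last N minutes of a traditional syslog file.
# Assumes GNU date (-d @epoch), tac, and lines starting "Mon dd HH:MM:SS".

# last_minutes FILE [MINUTES] [NOW_EPOCH]   (hypothetical name and arguments)
last_minutes() {
    file=$1
    mins=${2:-10}
    now=${3:-$(date +%s)}

    # Build the minute prefixes that count as recent, e.g. "Jan 16 10:20".
    # LC_ALL=C keeps month names in the English form syslog writes.
    # The window is minute-granular, so it can reach up to 59s further back.
    i=0
    wanted=""
    while [ "$i" -le "$mins" ]; do
        stamp=$(LC_ALL=C date -d "@$((now - i * 60))" '+%b %e %H:%M')
        wanted="${wanted}${stamp},"
        i=$((i + 1))
    done

    # Newest line first; exit at the first stamp outside the window so old
    # data is never read, then restore chronological order with a second tac.
    tac -- "$file" | awk -v wanted="$wanted" '
        BEGIN {
            n = split(wanted, w, ",")
            for (k = 1; k <= n; k++) if (w[k] != "") ok[w[k]] = 1
        }
        !(substr($0, 1, 12) in ok) { exit }
        { print }
    ' | tac
}
```

Called as `last_minutes /var/log/mail.log 10`, it prints only the trailing block of recent lines.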