
I want to filter the log written in the last 10 minutes in the access.log file of Nginx on Ubuntu 16.04. I tried using the below line but only the log for that minute is filtered.

awk -v d1="$(date --date="-10 min" "+%d/%b/%Y:%H:%M")" -v d2="$(date "+%d/%b/%Y:%H:%M")" '$0 > d1 && $0 < d2 || $0 ~ d2' /usr/local/nginx/logs/access.log

This is the date format for the logs that are written:
12/Apr/2018:12:49:03
Any help would be greatly appreciated.

1 Answer

The problem is that nginx logs don't have the date at the beginning of the file: thinking of this you get to this (mine was the 5th element on the line, notice the $4):

sudo awk -v d1="$(date --date '-10 min' '+%d/%b/%Y:%T')" '$4 > d1' /var/log/nginx/access.log

Then again, the issue is having the unrelated square bracket at the beginning:

So removing the square bracket gives you something functioning:

sudo awk -v d1="$(date --date '-10 min' '+%d/%b/%Y:%T')" '{gsub(/^[\[\t]+/, "", $4);}; $4 > d1' /var/log/nginx/access.log

I have simplified the example a bit to demonstrate the issue, but you can always add back the upper boundary checks if you wish to.

  • This does not work on the 1st of each new month, when reading logs from the end of the previous month. It will simply list all the log entries. Commented Oct 1, 2021 at 6:22
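
The month-boundary failure noted in the comment comes from comparing `dd/Mon/YYYY` strings lexically. The following is an added example, not code from the answer or the comment: it rewrites each timestamp as a sortable `YYYYmmddHHMMSS` key before comparing. The function names `recent_entries` and `sample_log` are hypothetical, the sample lines are constructed, and it assumes nginx's `$time_local` is the 4th whitespace-separated field and is in the same time zone as `date`.

```bash
#!/bin/sh
# Print access-log lines whose timestamp is at or after a cutoff.
#   $1 = cutoff as YYYYmmddHHMMSS
#   $2 = log file ("-" reads standard input)
recent_entries() {
    awk -v cutoff="$1" '
    BEGIN {
        # Map month abbreviations to two-digit numbers.
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= n; i++) month[names[i]] = sprintf("%02d", i)
    }
    {
        ts = $4
        sub(/^\[/, "", ts)    # drop the leading square bracket
        # ts is now dd/Mon/YYYY:HH:MM:SS; split it on "/" and ":".
        if (split(ts, p, "[/:]") != 6 || !(p[2] in month)) next
        key = p[3] month[p[2]] p[1] p[4] p[5] p[6]    # YYYYmmddHHMMSS
        # Fixed-width digit strings sort the same way as the times they encode.
        if ((key "") >= (cutoff "")) print
    }' "$2"
}

# Constructed sample spanning a month boundary (not real log data).
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [30/Sep/2021:23:58:10 +0000] "GET / HTTP/1.1" 200 612
203.0.113.5 - - [01/Oct/2021:00:04:59 +0000] "GET /a HTTP/1.1" 200 612
203.0.113.9 - - [01/Oct/2021:00:07:31 +0000] "GET /b HTTP/1.1" 404 169
EOF
}

# A cutoff of 01 Oct 2021 00:05:00 keeps only the 00:07:31 line; a lexical
# comparison on dd/Mon/YYYY would also keep the 30/Sep line.
sample_log | recent_entries 20211001000500 -

# Live use with GNU date:
# recent_entries "$(date --date '-10 min' '+%Y%m%d%H%M%S')" /var/log/nginx/access.log
```

Lines whose 4th field does not parse as a timestamp are skipped rather than printed.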
