Help sorting data from log file

[Kipnep70]

I was wodering if awk would be a good program to use to pull information from a log file that contains several hosts. Underneath each host in the log there is a description of problem(s) that have occurred while trying to back it up.

example of the log file I have manipulated:

----------------------------------------------------------
host-1
1146692578 1 4 16 uhilh703 177178 177178 0 gardnere-laptop bpsched backup of client host-1 exited with status 1 (the requested operation was partially successful)

host-2
1146690631 1 4 8 uhilh703 177268 177268 0 uhilc304 bpbrm from client host-2: WRN - can't open file: C:\Program Files\Symantec AntiVirus\SAVRT\0057NAV~.TMP (WIN32 32: The process cannot access the file because it is being used by another process. )

host-3
1146690719 1 4 8 uhilh703 177269 177269 0 uhildp27 bpbrm from client host-3: WRN - can't open file: C:\Program Files\Symantec AntiVirus\Savrt\0644NAV~.TMP (WIN32 32: The process cannot access the file because it is being used by another process. )
--------------------------------------------------------


Anyway there are several of these hosts and each one has a system administrator that I want to email their hosts' information from this file. I have a separate file that lists each system administrator's name, e-mail, and host that they are managing.

I was wondering how I can extract each hosts information from the log and send it to its system administrator.

Any ideas would be appreciated! (Just something to get me started with would be great.)

 

[olded]

Since you apparently have only one line to email, I don't think you really need awk. You can just use the shell:

# untested
#!/bin/ksh

while read line
do
   if [[ $line = "host-1" || $line = "host-2" || $line = "host-3" ]]
   then
      # get the email address
      continue
   fi
   echo "$line >> output_file
   mailx -s "Log message" $address < output_file
done < logfile

Since I don't know the structure of your administrators file, this is untested.

 

[Annihilannic]

Hi olded,

That would send an email for every line (including the blank ones)?

How about this awk solution:

awk '
        # While the record number in the current file
        # matches the total number of records processed
        # (i.e. reading the first file), do...
        NR==FNR {
                # Load addresses and names (unused at
                # the moment) into arrays
                split($0,a,":")
                name[a[3]]=a[1]
                address[a[3]]=a[2]
                next    # skip to next record
        }

        # Presuming a line with one field is a host name
        NF==1 {
                host=$1
                getline
                if (host in address) {
                        print | "mail -s \"Log message from " host "\" " address[host]
                } else {
                        print "unknown host: " host
                }
        }
' addresses log

I used an addresses file in this format:

[tt]John Doe:john@example.com:host-1
Fred Doe:fred@example.com:host-2
Sandra Dee:sandra_dee@example.com:host-3
Someone Else:someone@example.com:host-4[/tt]

Annihilannic.

 

[futurelet]

ARGV[1]==FILENAME {
  split( $0, a, /:/ )
  address[ a[3] ] = a[2]
  next
}
NF==1 { host = $1 }
NF>1 {
  if ( host in address )
    print | "mail -s \"Log message from " host "\" " address[host]
  else
    print host, "not found in address file."
}

 

[Kipnep70]

Much appreciated!

 

[olded]

OK, fortunately I did say it would only handle one line. The shell is capable of doing it, unfortunately ksh88 doesn't support associative arrays, so you need two arrays in this solution:

#!/bin/ksh
set -A address_arr
set -A email_arr
typeset -i cnt

# build the arrays
while IFS=":" read f1 f2 f3
do
   address_arr[${#address_arr[*]}]="$f3"
   email_arr[${#email_arr[*]}]="$f2"
done < address_file
cnt=$((${#address_arr[*]}-1))

# find the index into the arrays
function find_index
{
typeset -i mycnt
typeset -i x

x=0
while [[ $x < $cnt ]]
do
  if [[ $1 = ${address_arr[$x]} ]]
  then break fi
 ((x=x+1))
done
echo $x
}
# process the log file
total_line=""
while read line
do
   set -- $(echo $line)
   if [[ $#  -eq 1 ]]
   then # 1 the host field has changed
      v=$(find_index $line)
      address=${email_arr[$v]}
      if [[ -z $total_line ]]
      then
         :
      else
         mailx -s "Log message" $saved_address << MSG
$(echo "$total_line")
MSG
      fi
      total_line=""
      saved_address=$address
      continue
   fi
   total_line="$total_line""\n""$line"
done < logfile

# clean up the last block
if [[ ! -z $total_line ]]
then
   mailx -s "Log message" $address << MSG
$(echo "$total_line")
MSG
fi