Checking Your System Logs with awk
Jose Nazario
September 2001
UNIX systems are especially talkative and log considerable amounts of data.
Many administrators at first find digging through all those logs annoying, and
some abandon the practice of checking logs for that reason. However, when system
problems arise, those admins are left wondering what occurred and why. Because
there is so much data to sift through on a regular UNIX system, efficiency must
be sought to make sense of all of this data and keep a watchful eye on your
system.
My tool of choice to solve this matter is the awk language. Originally,
I used grep in a rather wieldy shell script, and didn't want
to port it to Perl. I found that awk provided a bit more flexibility
than my sometimes convoluted shell script, worked very well for the ordered
structure of log files, and had better regular expression handling than grep.
I will show several notification items that can be readily picked out, and put
them together in an awk script to parse log files in a pretty quick
manner.
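To make the idea concrete before the script itself is built up, here is an added example that is not from the article: a small POSIX shell wrapper around a single awk program that reads syslog-format lines and tallies a few notification items. The sample log lines are constructed, and the particular message patterns matched (sshd "Failed password", "BAD SU", sshd "Accepted", a kernel "link down" message) are assumptions chosen for illustration; the field positions rely on the standard syslog layout of date, time, host, process, and message.

```shell
#!/bin/sh
# Constructed sample syslog lines for the example (not real log data).
SAMPLE_LOG='Sep 14 02:11:05 host sshd[1234]: Failed password for root from 192.0.2.10 port 4422 ssh2
Sep 14 02:11:09 host sshd[1234]: Failed password for root from 192.0.2.10 port 4423 ssh2
Sep 14 02:12:30 host su: BAD SU alice to root on /dev/pts/1
Sep 14 02:13:01 host sshd[1300]: Accepted publickey for bob from 198.51.100.5 port 5000 ssh2
Sep 14 02:15:44 host kernel: eth0: link down
Sep 14 02:20:10 host su: alice to root on /dev/pts/2'

# scan_log: read syslog lines from the named files (or stdin when none are
# given) and print one summary line per notification category.  One awk
# pass replaces several separate grep invocations over the same file.
scan_log() {
  awk '
    # Return the field that follows the first occurrence of "word" on the
    # current line, or "" if the word is absent.  Searching for the keyword
    # instead of hard-coding a field number keeps the match tolerant of
    # small variations in message wording.
    function after(word,   i) {
      for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
      return ""
    }

    # Assumed sshd wording: "... Failed password for USER from IP port N ssh2"
    /sshd\[[0-9]+\]: Failed password/ { failed[after("from")]++ }

    # Assumed su wording: "su: BAD SU USER to root on TTY"; a plain
    # "su: USER to root" line is a successful switch and is not counted here.
    /su: BAD SU/ { badsu[after("SU")]++ }

    # Assumed sshd wording for successful logins.
    /sshd\[[0-9]+\]: Accepted/ { accepted++ }

    # Assumed kernel wording for a network interface going down.
    /kernel:/ && /link down/ { linkdown++ }

    END {
      for (ip in failed)  printf "failed_logins %s %d\n", ip, failed[ip]
      for (u in badsu)    printf "bad_su %s %d\n", u, badsu[u]
      printf "accepted_logins %d\n", accepted + 0
      printf "link_down %d\n", linkdown + 0
    }' "$@"
}

# Run the scanner over the constructed sample when the script is executed.
printf '%s\n' "$SAMPLE_LOG" | scan_log
```

Each category lives in its own pattern/action pair, so adding a new item to watch for is one more line rather than another grep pipeline, and the END block is the single place where the summary is produced. In practice the function would be pointed at /var/log/messages or /var/log/auth.log (as `scan_log /var/log/messages`) instead of the constructed sample.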
While most administrators are familiar with grep, most have not
become so familiar with awk, instead favoring Perl. awk
has a number of advantages over grep, and even a few over Perl.
- One awk script can run faster than a shell script that calls grep multiple times. When processing large files, this time difference can become noticeable.