Log Event Time Distribution (Part II)

Submitted by on November 11, 2015 – 2:30 am

Earlier I discussed a way to visualize frequency and distribution of messages in log files. Here’s a script to help you with that. Currently, the script works with two time formats: the one used in xferlog (Sun Nov  8 03:38:21 2015) and the one used in /var/log/messages (Nov  8 03:38:21).

Save the script below as /var/adm/bin/led.sh; make it executable; soft-link it to /usr/bin/led. The syntax is as follows:

led <frequency> <log> <type> <string>

# Frequencies:
m - monthly
d - daily
h - hourly

# Log types:
1 - xferlog date format
2 - messages date format

Here are a couple of examples to get you started:

led d /var/log/xferlog 1 user ftp
2015-07-25 Sat  18      ............................ 18
2015-08-07 Fri  1       .. 1
2015-08-21 Fri  7       ........... 7
2015-10-17 Sat  1       .. 1
2015-10-18 Sun  2       .... 2
2015-10-26 Mon  10      ................ 10
2015-10-27 Tue  40      ............................................................. 40
2015-11-08 Sun  1       .. 1

led d /var/log/messages 2 denied access to vsftpd
2015-10-31 Sat  6       ...... 6
2015-11-01 Sun  31      ............................. 31
2015-11-02 Mon  6       ...... 6
2015-11-03 Tue  1       . 1
2015-11-04 Wed  65      ............................................................ 65
2015-11-05 Thu  41      ...................................... 41
2015-11-06 Fri  4       .... 4
2015-11-07 Sat  1       . 1
2015-11-08 Sun  9       ......... 9
2015-11-09 Mon  2       .. 2
2015-11-10 Tue  29      ........................... 29

led m /var/log/secure 2 sshd.*Invalid user
2015-Sep        4047    ............................................................ 4047
2015-Oct        1980    .............................. 1980
2015-Nov        1272    ................... 1272

led m /var/log/cron 2 /var/adm/bin/loadmon.sh
2015-Sep        1715    ................................... 1715
2015-Oct        2976    ............................................................ 2976
2015-Nov        974     .................... 974

led m /var/log/maillog 2 to=\<root@
2015-Sep        1852    ................................... 1852
2015-Oct        3224    ............................................................ 3224
2015-Nov        1061    .................... 1061
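
To show how a histogram like the ones above can be produced, here is an added example (not the author's led.sh) that covers only the daily frequency and the messages date format. The function names, the year argument, the 60-column bar scaling and the sample log lines are assumptions made for illustration.

```shell
# led_daily <year> <regex> < logfile
# Daily histogram of syslog-style lines ("Nov  8 03:38:21 ...") matching an
# extended regex. Hypothetical helper, not the author's led.sh. The year is an
# argument (assumption) because this timestamp format does not record one.
# Bars are scaled so the busiest day fills 60 columns (assumption).
led_daily() {
    awk -v year="$1" -v pat="$2" -v width=60 '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
        split("0 3 2 5 0 3 5 1 4 6 2 4", off, " ")  # Sakamoto month offsets
        split("Sun Mon Tue Wed Thu Fri Sat", dow, " ")
    }
    $0 ~ pat && ($1 in mon) {
        key = sprintf("%04d-%02d-%02d", year, mon[$1], $2)
        if (!(key in cnt)) order[++days] = key   # keep log (chronological) order
        if (++cnt[key] > max) max = cnt[key]
    }
    END {
        for (i = 1; i <= days; i++) {
            key = order[i]; c = cnt[key]
            split(key, d, "-"); y = d[1] + 0; mo = d[2] + 0; dd = d[3] + 0
            if (mo < 3) y--                      # Jan/Feb count as previous year
            wd = (y + int(y/4) - int(y/100) + int(y/400) + off[mo] + dd) % 7
            len = int((c * width + max - 1) / max)   # round up: 1 hit still shows
            bar = sprintf("%" len "s", ""); gsub(/ /, ".", bar)
            printf "%s %s\t%d\t%s %d\n", key, dow[wd + 1], c, bar, c
        }
    }'
}

# Constructed sample in /var/log/secure style (documentation IP ranges).
sample_secure_log() {
    cat <<'EOF'
Nov  3 23:59:58 host1 sshd[2101]: Invalid user admin from 192.0.2.10
Nov  4 00:00:03 host1 sshd[2104]: Invalid user test from 192.0.2.10
Nov  4 00:00:09 host1 sshd[2107]: Invalid user oracle from 192.0.2.10
Nov  4 00:01:12 host1 sshd[2110]: Accepted publickey for ops from 198.51.100.7
Nov  4 02:14:40 host1 sshd[2188]: Invalid user pi from 203.0.113.5
Nov  8 03:38:21 host1 sshd[3012]: Invalid user guest from 192.0.2.10
EOF
}

sample_secure_log | led_daily 2015 'sshd.*Invalid user'
```

The pattern is passed with awk -v, so awk interprets backslash escapes in it before it is used as a regex.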

 

And here’s the script (download):