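#!/usr/bin/perl
#
# Script name: search_logs.pl
#
# Author: William Hathaway (www.williamhathaway.com)
#
# Purpose:
# This script will perform a search for any regex given on the command line
# and print out both the operation and result for any lines that match
# the regex. This was inspired by a script written by Mitch Silverstein.
#
# License:
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
#########################################################################
#
#########################################################################
# Examples:
#########################################################################
######## show all searches
# search_logs.pl SRCH logs/access
#
# [17/Nov/2005:12:48:55 -0500] conn=37784697 op=1 msgId=110260 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(mobile=7175551212)" attrs=ALL
# [17/Nov/2005:12:48:55 -0500] conn=37784697 op=1 msgId=110260 - RESULT err=0 tag=101 nentries=1 etime=2
#
#
#### show all ops with err=4
# search_logs.pl "err=4 " logs/access
#
# [17/Nov/2005:12:51:34 -0500] conn=37652507 op=1974 msgId=1975 - SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(mobile=71715551234)" attrs=ALL
# [17/Nov/2005:12:51:34 -0500] conn=37652507 op=1974 msgId=1975 - RESULT err=4 tag=101 nentries=1 etime
#
#
#### show all ops for conn=150 and then pipeline it to look for etime != 0
# search_logs.pl "conn=150 " logs/access | /shared/search_logs etime=[^0]
#
# [06/Mar/2006:16:30:42 -0500] conn=150 op=153987 msgId=153988 - MOD dn="uid=test125842,ou=people,dc=example,dc=com"
# [06/Mar/2006:16:30:43 -0500] conn=150 op=153987 msgId=153988 - RESULT err=0 tag=103 nentries=0 etime=1
#########################################################################
#
# Notes for whoever reads the output:
#  * The regex is applied to the whole log line, case-insensitively. That
#    includes values supplied by the client (base, filter, dn), so a hit on
#    a string such as "err=4 " can come from inside a quoted value as well as
#    from the server's own fields.
#  * Input names are opened strictly as files. Compressed or otherwise
#    pre-processed logs should be piped in on stdin.

use strict;
use warnings;

# Print the usage message and exit with status 1.
sub usage {
    print "Usage: $0 [regex] [ ... ]\n";
    print "This script will search the file(s)/stdin with the specified\n";
    print "regex. If any operation or result lines match the regex\n";
    print "both the operation and result lines will be printed.\n";
    exit(1);
}

# Remove and return the operation line stored for ($conn, $op) in the given
# hash of hashes, or return nothing if none is stored. Empty per-connection
# buckets are dropped so memory use follows the number of operations that are
# still waiting for their RESULT, not the number of lines read so far.
sub take_pending {
    my ($pending, $conn, $op) = @_;

    my $ops = $pending->{$conn};
    return if !$ops;

    my $stored = delete $ops->{$op};
    delete $pending->{$conn} if !%{$ops};
    return $stored;
}

# First argument is the regex; "0" is a legal pattern, so test for
# defined/non-empty and not for truth.
my $pattern = shift @ARGV;
usage() if !defined $pattern || $pattern eq '';

# Only the exact help switches trigger usage; a pattern that merely starts
# with "-h" is searched for like any other.
usage() if $pattern =~ /\A(?:-h|--help)\z/;

# Compile once, up front, so a malformed pattern is reported immediately
# with a clear message and not in the middle of a log.
my $regex = eval { qr/$pattern/i };
if (!defined $regex) {
    die "$0: invalid regex '$pattern': $@";
}

# Operation lines waiting for their RESULT, keyed by conn then op:
#   %matched_op_for   - the operation line itself matched the regex
#   %unmatched_op_for - it did not; printed only if the RESULT line matches
my %matched_op_for;
my %unmatched_op_for;

# Remaining arguments are log files; no arguments, or "-", means stdin.
# Three-argument open is used (not the magic <>), so an argument is only
# ever treated as a file name, whatever characters it contains.
my @inputs = @ARGV ? @ARGV : ('-');

INPUT:
for my $path (@inputs) {
    my $fh;
    if ($path eq '-') {
        $fh = \*STDIN;
    }
    elsif (!open $fh, '<', $path) {
        warn "Can't open $path: $!\n";
        next INPUT;
    }

    LINE:
    while (my $line = <$fh>) {
        # 28 characters of "[dd/Mon/yyyy:hh:mm:ss +zzzz]" timestamp, then the
        # connection, operation and message ids, then the record type.
        next LINE
            if $line !~ /^.{28} conn=(\S+) op=(\S+) msgId=\S+ - (\S+)/;
        my ($conn, $op, $type) = ($1, $2, $3);

        if ($type !~ /^RESULT/) {
            # An operation line (add/mod/del/...): remember it until the
            # RESULT for the same conn/op arrives.
            if ($line =~ $regex) {
                $matched_op_for{$conn}{$op} = $line;
            }
            else {
                $unmatched_op_for{$conn}{$op} = $line;
            }
            next LINE;
        }

        # A RESULT line: the operation is finished, so both stores are
        # cleared for this conn/op whether or not anything is printed.
        my $matched_op   = take_pending(\%matched_op_for,   $conn, $op);
        my $unmatched_op = take_pending(\%unmatched_op_for, $conn, $op);

        if (defined $matched_op) {
            # The operation matched earlier: print the pair.
            print $matched_op;
            print $line;
        }
        elsif (defined $unmatched_op && $line =~ $regex) {
            # Only the RESULT matches: print the operation it belongs to.
            print $unmatched_op;
            print $line;
        }
    }

    close $fh if $path ne '-';
}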