Linux學習26-linux查看某個時間段的日誌(sed -n)-史上最詳細

前言

在linux上查找日誌的時候，若是我想找出某個時間段的日誌，好比查找今天早上8點到下午2點的日誌。
用grep不太方便直接過濾出來，能夠使用sed根據時間去查找

sed -n '/開始時間日期/,/結束時間日期/p' all.log

查找日誌

好比下面這段日誌,前面的時間格式都是相似 2019-10-21 07:44:20

2019-10-24 21:33:31,678 [django.request:93] [base:get_response] [WARNING]- Not Found: /http:/123.125.114.144/
2019-10-24 21:33:31,679 [django.server:124] [basehttp:log_message] [WARNING]- "HEAD http://123.125.114.144/ HTTP/1.1" 404 1678
2019-10-24 22:14:04,121 [django.server:124] [basehttp:log_message] [INFO]- code 400, message Bad request version ('HTTP')
2019-10-24 22:14:04,122 [django.server:124] [basehttp:log_message] [WARNING]- "GET ../../mnt/custom/ProductDefinition HTTP" 400 -
2019-10-24 22:16:21,052 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/login HTTP/1.1" 301 0
2019-10-24 22:16:21,123 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/login/ HTTP/1.1" 200 3876
2019-10-24 22:16:21,192 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/img/main_bg.png HTTP/1.1" 200 2801
2019-10-24 22:16:21,196 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/iconfont/style.css HTTP/1.1" 200 1638
2019-10-24 22:16:21,229 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/img/bg.jpg HTTP/1.1" 200 135990
2019-10-24 22:16:21,307 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/iconfont/fonts/icomoon.ttf?u4m6fy HTTP/1.1" 200 6900
2019-10-24 22:16:23,525 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/login/ HTTP/1.1" 302 0
2019-10-24 22:16:23,618 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/index/ HTTP/1.1" 200 18447
2019-10-24 22:16:23,709 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/js/commons.js HTTP/1.1" 200 13209
2019-10-24 22:16:23,712 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/css/admin.css HTTP/1.1" 200 19660
2019-10-24 22:16:23,712 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/css/common.css HTTP/1.1" 200 1004
2019-10-24 22:16:23,714 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/js/app.js HTTP/1.1" 200 20844
2019-10-24 22:16:26,509 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/report_list/1/ HTTP/1.1" 200 14649
2019-10-24 22:16:51,496 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/test_list/1/ HTTP/1.1" 200 24874
2019-10-24 22:16:51,721 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/add_case/ HTTP/1.1" 200 0
2019-10-24 22:16:59,707 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/test_list/1/ HTTP/1.1" 200 24874
2019-10-24 22:16:59,909 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/add_case/ HTTP/1.1" 200 0
2019-10-24 22:17:01,306 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/edit_case/1/ HTTP/1.1" 200 36504
2019-10-24 22:17:06,265 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/add_project/ HTTP/1.1" 200 17737
2019-10-24 22:17:07,825 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/project_list/1/ HTTP/1.1" 200 29789
2019-10-24 22:17:13,116 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/add_config/ HTTP/1.1" 200 24816
2019-10-24 22:17:19,671 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/config_list/1/ HTTP/1.1" 200 19532

好比我要查找上面的從 2019-10-24 22:16:21 到 2019-10-24 22:16:59 這個時間段的日誌

sed -n '/2019-10-24 22:16:21/,/2019-10-24 22:16:59/p' all.log

[root@VM_0_2_centos logs]# sed -n  '/2019-10-24 22:16:21/,/2019-10-24 22:16:59/p' all.log
2019-10-24 22:16:21,052 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/login HTTP/1.1" 301 0
2019-10-24 22:16:21,123 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/login/ HTTP/1.1" 200 3876
2019-10-24 22:16:21,192 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/img/main_bg.png HTTP/1.1" 200 2801
2019-10-24 22:16:21,196 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/iconfont/style.css HTTP/1.1" 200 1638
2019-10-24 22:16:21,229 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/img/bg.jpg HTTP/1.1" 200 135990
2019-10-24 22:16:21,307 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/iconfont/fonts/icomoon.ttf?u4m6fy HTTP/1.1" 200 6900
2019-10-24 22:16:23,525 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/login/ HTTP/1.1" 302 0
2019-10-24 22:16:23,618 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/index/ HTTP/1.1" 200 18447
2019-10-24 22:16:23,709 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/js/commons.js HTTP/1.1" 200 13209
2019-10-24 22:16:23,712 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/css/admin.css HTTP/1.1" 200 19660
2019-10-24 22:16:23,712 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/css/common.css HTTP/1.1" 200 1004
2019-10-24 22:16:23,714 [django.server:124] [basehttp:log_message] [INFO]- "GET /static/assets/js/app.js HTTP/1.1" 200 20844
2019-10-24 22:16:26,509 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/report_list/1/ HTTP/1.1" 200 14649
2019-10-24 22:16:51,496 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/test_list/1/ HTTP/1.1" 200 24874
2019-10-24 22:16:51,721 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/add_case/ HTTP/1.1" 200 0
2019-10-24 22:16:59,707 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/test_list/1/ HTTP/1.1" 200 24874
[root@VM_0_2_centos logs]#

看起來使用很簡單，可是會有很大坑，好比時間後面的/p不能漏掉了

遇到的坑

開始時間和結束時間必需要是日誌裏面有的，要是沒有的時間，那查找就沒有結果，這個我也被坑過，看網上的教程都是這句，但評論裏面總有人說沒成功。
後來通過實踐，指令是沒有問題的，只是開始時間和結束時間必需要是日誌裏面有才行。

若是開始時間日誌裏面是沒有的，那麼查詢結果爲空，好比開始時間沒有2019-10-24 22:16:22

sed -n '/2019-10-24 22:16:22/,/2019-10-24 22:16:59/p' all.log

若是結束時間日誌裏面是沒有的，查詢的結果就是開始時間到最後的所有日誌

sed -n '/2019-10-24 22:16:21/,/2019-10-24 22:16:58/p' all.log

模糊查詢

若是不知道日誌的開始時間，不能精確到秒，能夠用模糊查詢,好比查詢時間段2019-10-24 22:14 到 2019-10-24 22:16

sed -n '/2019-10-24 22:14:*/,/2019-10-24 22:16:*/p' all.log

[root@VM_0_2_centos logs]# sed -n  '/2019-10-24 22:14:*/,/2019-10-24 22:16:*/p' all.log
2019-10-24 22:14:04,121 [django.server:124] [basehttp:log_message] [INFO]- code 400, message Bad request version ('HTTP')
2019-10-24 22:14:04,122 [django.server:124] [basehttp:log_message] [WARNING]- "GET ../../mnt/custom/ProductDefinition HTTP" 400 -
2019-10-24 22:16:21,052 [django.server:124] [basehttp:log_message] [INFO]- "GET /api/login HTTP/1.1" 301 0
[root@VM_0_2_centos logs]#

也能夠按小時模糊查詢

sed -n '/2019-10-24 21*/,/2019-10-24 22*/p' all.log

結合grep查詢

sed 也能夠結合 grep 使用，好比我查詢上面日誌某個時間段的帶有 POST 的日誌行

sed -n '/2019-10-24 22:16:21/,/2019-10-21 20:16:58/p' all.log | grep POST

[root@VM_0_2_centos logs]# sed -n  '/2019-10-24 22:16:21/,/2019-10-21 20:16:58/p' all.log | grep post
[root@VM_0_2_centos logs]# sed -n  '/2019-10-24 22:16:21/,/2019-10-21 20:16:58/p' all.log | grep POST
2019-10-24 22:16:23,525 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/login/ HTTP/1.1" 302 0
2019-10-24 22:16:51,721 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/add_case/ HTTP/1.1" 200 0
2019-10-24 22:16:59,909 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/add_case/ HTTP/1.1" 200 0
2019-10-24 22:17:19,864 [django.server:124] [basehttp:log_message] [INFO]- "POST /api/add_case/ HTTP/1.1" 200 0
[root@VM_0_2_centos logs]#

日誌導出

咱們能夠查詢某個時間段的日誌，導出到本地

sed -n '/2019-10-24 22:16:21/,/2019-10-21 20:16:58/p' all.log > yoyo.log

[root@VM_0_2_centos logs]# sed -n  '/2019-10-24 22:16:21/,/2019-10-21 20:16:58/p' all.log > yoyo.log
[root@VM_0_2_centos logs]# ll
total 1740
-rw-r--r-- 1 root root    1907 Oct 24 22:54 11.txt
-rw-r--r-- 1 root root 1081515 Oct 24 23:04 all.log
-rw-r--r-- 1 root root  686962 Oct 24 23:04 script.log
-rw-r--r-- 1 root root    3053 Oct 24 23:08 yoyo.log
[root@VM_0_2_centos logs]#