Hello all, I was searching, but could not find a way to grep the last e.g. 5 minutes from audit.log or nextcloud.log. I tried this command:
awk -v d1="$(date --date="-125 min" "+%Y-%m-%dT%H:%M:00+00:00")" -v d2="$(date --date="-100 min" "+%Y-%m-%dT%H:%M:00+00:00"")" -F'["]' '$10 > d1 && $10 < d2 || $10 ~ d2' audit.log
But without any success.
I found out that:
- Log time is in Time Zone Zero and either my system is wrongly configured, or it is ignoring the config. Funny thing is that in the Logging App the time is shown correctly in my time zone. For this I basically put -125 min to bring it to my time zone.
- Logs are not easy to grep. With the current format it is not easy for AWK to find the correct path. E.g. the log format is
{"reqId":"DqPobz65sMuK45Q6Acxq","level":1,"time":"2020-05-07T08:43:08+00:00","remoteAddr":"xxx.xxx.xxx.xx","user":"xxx","app":"admin_audit","method":"GET","url":"/ocs/v2.php/apps/serverinfo/api/v1/info","message":"Login successful: \"xxx\"","userAgent":"curl/7.58.0","version":"18.0.4.2"}
I checked that date works correctly and gives output in an NC-like format:
# date --date="-125 min" "+%Y-%m-%dT%H:%M:00+00:00"
2020-05-07T08:41:00+00:00
I checked that I can AWK field number 10:
# awk -F'["]' '{print $10}' audit.log | tail
2020-05-07T07:55:02+00:00
2020-05-07T08:00:01+00:00
2020-05-07T08:00:02+00:00
2020-05-07T08:00:02+00:00
2020-05-07T08:00:08+00:00
2020-05-07T08:00:08+00:00
2020-05-07T08:00:08+00:00
2020-05-07T08:00:08+00:00
2020-05-07T08:00:08+00:00
2020-05-07T08:00:08+00:00
But then all together it does not work. So, how to see nextcloud logs for the last 5 minutes?
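
One way to do the time-window filtering asked about above, as an added example that is not part of the original post. It assumes GNU date and that every entry carries a UTC timestamp in the format of the sample line; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Print Nextcloud JSON log lines whose "time" value lies in [from, to].
# Assumption: timestamps look like 2020-05-07T08:43:08+00:00 (fixed width, UTC),
# so plain string comparison orders them chronologically.
nc_log_between() {
    # $1 = lower bound, $2 = upper bound, $3 = log file
    awk -v from="$1" -v to="$2" '
        match($0, /"time":"[^"]*"/) {
            # Skip the 8-character key prefix and drop the closing quote.
            ts = substr($0, RSTART + 8, RLENGTH - 9)
            if (ts >= from && ts <= to) print
        }
    ' "$3"
}

# Entries of the last N minutes. date -u keeps both bounds in UTC, so no
# manual offset for the local time zone is needed.
nc_log_last_minutes() {
    # $1 = minutes, $2 = log file
    from=$(date -u --date="-$1 min" "+%Y-%m-%dT%H:%M:%S+00:00")
    to=$(date -u "+%Y-%m-%dT%H:%M:%S+00:00")
    nc_log_between "$from" "$to" "$2"
}

# Constructed sample entries (not real log data), trimmed to a few fields.
nc_sample_log() {
    cat <<'EOF'
{"reqId":"a1","level":1,"time":"2020-05-07T08:36:59+00:00","user":"xxx","app":"admin_audit","message":"Login successful: \"xxx\""}
{"reqId":"a2","level":1,"time":"2020-05-07T08:41:00+00:00","user":"xxx","app":"admin_audit","message":"Login successful: \"xxx\""}
{"reqId":"a3","level":1,"time":"2020-05-07T08:43:08+00:00","user":"xxx","app":"admin_audit","message":"Login successful: \"xxx\""}
EOF
}

# Demo on the sample: a fixed 5-minute window ending at the newest entry.
tmp=$(mktemp)
nc_sample_log > "$tmp"
nc_log_between "2020-05-07T08:38:08+00:00" "2020-05-07T08:43:08+00:00" "$tmp"
rm -f "$tmp"
```

On a live system the call would be `nc_log_last_minutes 5 audit.log`. Matching on the `"time"` key rather than a field position keeps the filter working if the field order changes or an earlier value contains a quote.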