@jamesandariese
Created March 6, 2015 05:45
Awk for apache logs, time stuff, too.
# awk field separator for a slightly customized apache access log (the :443 is the custom part)
awk -F ':443 |" |[][]| - - | [0-9][0-9]* "-"'
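# For your average apache log with square brackets around the date, this prints the log
# entries from the seconds around (one second before through one second after) each entry
# matching BADNESS_HERE. Replace BADNESS_HERE with whatever you want to find the seconds around.
#
# Needs bash (process substitution), GNU date, and dc. The sed after awk rewrites the apache
# timestamp (06/Mar/2015:05:45:00 -0800) into a form GNU date can parse. The -0800 in the
# output format is hard-coded and date prints local time, so run this in the log's time zone.
#
# NOTE: this can also be used to find things that happened within the seconds around 5 minutes
# before the event by changing s/$/p1-p2+p/ to s/$/300-p1-p2+p/ and other interesting
# things.
grep -Ff <(grep BADNESS_HERE access.log | awk -F '[][]' '{print $2}' | sed -e 's|/| |g' -e 's|:| |' | xargs -I{} date --date={} +%s | sed -e 's/$/p1-p2+p/' | dc | xargs -I{} date --date=@{} +'[%d/%b/%Y:%H:%M:%S -0800]') access.log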
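
The one-liner above matches literal timestamp strings, so it only finds entries written with the same UTC offset and a fixed one-second margin. The following added example (not part of the original gist) goes a step further: it converts every timestamp to epoch seconds in awk, so entries logged with a different offset still compare correctly and the window is configurable. The names `log_window`, `LW_PAT` and `sample_log` are hypothetical, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original gist. Names (log_window, LW_PAT,
# sample_log) are hypothetical.
# usage: log_window FIXED_STRING LOGFILE [SECONDS_BEFORE] [SECONDS_AFTER]
log_window() {
    LW_PAT="$1" awk -v before="${3:-1}" -v after="${4:-1}" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    # "06/Mar/2015:05:45:00 -0800" -> epoch seconds (days-from-civil arithmetic),
    # or -1 when the text is not a timestamp.
    function epoch(ts,   a, y, mo, yoe, doy, days, off) {
        if (split(ts, a, "[/: ]") != 7 || !(a[2] in mon)) return -1
        mo = mon[a[2]]; y = a[3] - (mo <= 2)
        yoe = y % 400
        doy = int((153 * (mo > 2 ? mo - 3 : mo + 9) + 2) / 5) + a[1] - 1
        days = int(y / 400) * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
        off = substr(a[7], 2, 2) * 3600 + substr(a[7], 4, 2) * 60
        if (substr(a[7], 1, 1) == "-") off = -off
        return days * 86400 + a[4] * 3600 + a[5] * 60 + a[6] - off
    }
    # Text inside the first [...] pair on the line.
    function stamp(line) {
        return match(line, /\[[^]]+\]/) ? substr(line, RSTART + 1, RLENGTH - 2) : ""
    }
    # Pass 1: remember when each matching entry happened.
    NR == FNR {
        if (index($0, ENVIRON["LW_PAT"]) && (t = epoch(stamp($0))) >= 0) hit[++nh] = t
        next
    }
    # Pass 2: print entries that fall inside the window of any hit.
    (t = epoch(stamp($0))) >= 0 {
        for (i = 1; i <= nh; i++)
            if (t >= hit[i] - before && t <= hit[i] + after) { print; break }
    }' "$2" "$2"
}
# Constructed sample entries; the fourth logs the same instant with a +0000 offset.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [06/Mar/2015:05:44:58 -0800] "GET /index.html HTTP/1.1" 200 512
192.0.2.10 - - [06/Mar/2015:05:44:59 -0800] "GET /login HTTP/1.1" 200 734
198.51.100.7 - - [06/Mar/2015:05:45:00 -0800] "GET /BADNESS_HERE HTTP/1.1" 404 209
192.0.2.11 - - [06/Mar/2015:13:45:01 +0000] "GET /status HTTP/1.1" 200 12
192.0.2.10 - - [06/Mar/2015:05:45:03 -0800] "GET /logout HTTP/1.1" 200 88
EOF
}
if [ "$#" -ge 2 ]; then log_window "$@"; fi
```

The gist's "seconds around 5 minutes before" variant corresponds to `log_window BADNESS_HERE access.log 301 -299`.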