Goverp Advocate
Joined: 07 Mar 2007 Posts: 2182
|
Posted: Thu Aug 01, 2019 10:47 pm Post subject: Shell script to mimic journalctl -b for syslog users |
|
|
For those that choose to use OpenRc syslog/syslog-ng and so forth (like me) instead of systemd and journalctl, the following shell script can be applied to a syslog file to mimic one of journalctl's useful features.
"journalctl -b" shows the log records for just one boot. (See the journalctl man page for details.)
Syntax:
Code: | bootLog <n> <syslog file> |
where "n" is an optional offset; if positive, from the start of the syslog file, if negative or 0, from the end of the file. The default is -0, i.e. the most recent boot.
and "syslog file" is the name of your syslog, "/var/log/messages" by default.
Boots are identified by a string in the first line of kernel output, "kernel: Linux version"in my case. You can edit the value "bootIdentifier" in the script below.
The shell script uses awk and perhaps tac, and simply produces output to stdout. You can of course pipe it to less, for example:
displays the log for the previous boot.
There's no error checking, and if the offset takes you out of range of the file, you get an empty result.
Store the script below as "/usr/local/bin/bootLog" and Code: | chmod +x /usr/local/bin/bootLog | . There's probably some smart way to get the syntax colouring in the display below, but I don't know it.
Code: | #! /bin/sh
bootIdentifier="/kernel: Linux version/"
logfile="${2:-/var/log/messages}"
which="${1:-0}"
if [ $which -le 0 ]
then
which=$(( -$which ))
tac $logfile | awk -v n=$which "(l==n){print} ${bootIdentifier}{l++} (l>n){exit}" | tac
else
awk -v n=$which "${bootIdentifier}{l++} (l==n){print} (l>n){exit}" $logfile
fi |
_________________ Greybeard |
|