Using agrep to parse log files

How to use agrep, a Windows-based version of the Linux command-line grep tool.

This example comes from finding the lines related to one message in SmarterMail log files.

Let's assume we are trying to find an email and track the actions our mail server took for that email. First I am going to filter the logs for 16/6/2009 and return only the lines for a particular domain.

To do this we copy the day's log files into a /tmp directory and run the following:

D:\SmarterMail\Logs\tmp>agrep -k "domain.com" * > d:\smartermail\logs\tmp\out\out.txt

This will give us every line in every file in the tmp directory that mentions domain.com. We can then sift through this manually to find a row relating to the mail we need.

One of these lines looks like this:

2009.06.16-delivery.log: 10:36:11 [25354] Delivery started for webmaster@domain.com at 10:36:11 AM

Notice the [xxxxx] reference number (here 25354). It is carried through all the logs for this particular email, so we can use it to find every log entry about this mail:

D:\SmarterMail\Logs\tmp>agrep -k "[25354]" * > d:\smartermail\logs\tmp\out\out.txt

This outputs all the lines containing [25354] to the out.txt file. The -k switch makes agrep treat the pattern as a literal string, so the square brackets are matched as text rather than interpreted as a character class:

2009.06.16-delivery.log: 10:36:11 [25354] Delivery started for webmaster@domain.com at 10:36:11 AM
2009.06.16-delivery.log: 10:36:43 [25354] Launching 'C:\Program Files\DKeyEvent\dkeyevent.exe' command line exe.
2009.06.16-delivery.log: 10:36:44 [25354] Command line exe finished.
2009.06.16-delivery.log: 10:36:46 [25354] Starting local delivery to webmaster@domain.com.au
2009.06.16-delivery.log: 10:36:46 [25354] Delivery for webmaster@domain.com to webmaster@domain.com.au has completed (Forwarded Deleted) Filter: None
2009.06.16-delivery.log: 10:36:46 [25354] End delivery to webmaster@domain.com.au
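The same two-step lookup (address to [id], then [id] to the full delivery trail) as a small parser over the agrep output format shown above. This is an added example, not code from the original post or from SmarterMail; the sample lines are constructed after the ones shown, and the function names are my own.

```python
import re

# Constructed sample modelled on the agrep output above (not real server logs).
# Line format: "<logfile>: HH:MM:SS [<delivery id>] <message>"
SAMPLE_OUTPUT = r"""2009.06.16-delivery.log: 10:36:11 [25354] Delivery started for webmaster@domain.com at 10:36:11 AM
2009.06.16-delivery.log: 10:36:12 [25355] Delivery started for sales@example.net at 10:36:12 AM
2009.06.16-delivery.log: 10:36:43 [25354] Launching 'C:\Program Files\DKeyEvent\dkeyevent.exe' command line exe.
2009.06.16-delivery.log: 10:36:44 [25354] Command line exe finished.
2009.06.16-delivery.log: 10:36:46 [25354] Starting local delivery to webmaster@domain.com.au
2009.06.16-delivery.log: 10:36:46 [25354] Delivery for webmaster@domain.com to webmaster@domain.com.au has completed (Forwarded Deleted) Filter: None
2009.06.16-delivery.log: 10:36:46 [25354] End delivery to webmaster@domain.com.au
2009.06.16-delivery.log: 10:36:50 [25355] End delivery to sales@example.net
"""

# Lazy filename match so a drive-letter prefix (D:\...) does not confuse the split.
LINE_RE = re.compile(
    r"^(?P<file>.+?): (?P<time>\d{2}:\d{2}:\d{2}) \[(?P<id>\d+)\] (?P<msg>.*)$"
)


def parse_line(line):
    """Split one agrep output line into file, time, delivery id and message; None if it does not fit."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def ids_for_address(lines, address):
    """Step 1: literal substring match (what agrep -k does) on the address, collecting delivery ids.
    Note that a plain substring match on webmaster@domain.com also hits the
    forwarded webmaster@domain.com.au lines, exactly as the agrep run did."""
    found = set()
    for entry in filter(None, map(parse_line, lines)):
        if address in entry["msg"]:
            found.add(entry["id"])
    return sorted(found)


def trail_for_id(lines, delivery_id):
    """Step 2: every entry carrying [delivery_id], in the order the log recorded them."""
    return [e for e in map(parse_line, lines) if e and e["id"] == delivery_id]


def delivery_trails(lines, address):
    """Both steps together: delivery id -> ordered list of entries for that message."""
    return {i: trail_for_id(lines, i) for i in ids_for_address(lines, address)}


if __name__ == "__main__":
    for did, trail in delivery_trails(SAMPLE_OUTPUT.splitlines(), "webmaster@domain.com").items():
        print(f"[{did}]")
        for e in trail:
            print(f"  {e['time']} {e['msg']}")
```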
