{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 爱情/是我丢掉的垃圾 的问题《AIX: using grep command to log two lines from a fi》','https://www.manongdao.com/q-816128.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Basically oracle audit entries stored as .aud files in my AIX system
/oracle/SBX/saptrace/audit/
The entries of these files looks something like this :
Tue Jul 2 08:41:53 2013 +02:00
LENGTH : '159'
ACTION :[6] 'COMMIT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'orasbx'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1854349635'
Tue Jul 2 08:41:53 2013 +02:00
LENGTH : '159'
ACTION :[6] 'COMMIT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'orasbx'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1854349635'
Tue Jul 2 08:42:16 2013 +02:00
LENGTH : '222'
ACTION :[68] 'update SAPPRD.USR02 set uflag=64 where BNAME='CANAS' and MANDT='000''
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'orasbx'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1854349635'
Now i have schedule a shell script in crontab for it to run every three hours.
Script is something like this:
#/bin/sh
grep -i USR02 /oracle/SBX/saptrace/audit/*.aud > /EDB/log/check_audit_dest.log
grep -i USH02 /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i TCURR /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i REGUH /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i LFB1 /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i LFA1 /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.logs
What this script does is if there is any operations these tables it log that line into /EDB/log/check_audit_dest.log
Like this:
# cat /EDB/log/check_audit_dest.log
/oracle/SBX/saptrace/audit/sbx_ora_13828348_1.aud:ACTION :[68] 'update SAPPRD.USR02 set uflag=64 where BNAME='CANAS' and MANDT='000''
/oracle/SBX/saptrace/audit/sbx_ora_8847374_1.aud:ACTION :[67] 'update SAPPRD.USR02 set uflag=0 where BNAME='CANAS' and MANDT='000''
Now what i want is apart from that line i also want first line of every entry to be log in that log file(for example:Tue Jul 2 08:42:16 2013 +02:00).
Thank you
Ed Morton gave an awk solution with setting
RSandFS. Here is another solution with awk:the first part
!$0{delete a;next}could be removed if your file is not a huge monster:output with your input:
Why don't you do it like this?
grep -eadmits multiple parameters. So instead ofgrep -i ONEand thengrep -i TWO, you can dogrep -Ei "ONE|TWO".With
-B 2what you do is to print the two previous lines of the matched line.Test
All together will make the following:
and if you do not want the line in the middle,
Given the sample input you posted, all you need is:
If that doesn't do it, post some more representative input and expected output.
Explanation as requested below by fedorqui
RS==> records are separated by blank lines-F'\n'=> fields within a record are separated by newlines/USR02|USH02|TCURR|REGUH|LFB1|LFA1/=> look for records that contain any of the|-separated stringsprint FILENAME, $1, $3=> print the name of the current file, and the 1st and 3rd lines/fields of the current record, the 1st line being the date and the 3rd being the ACTION.