Cyri Posted March 26, 2008 Share Posted March 26, 2008 Pretty sure I'm over thinking this, but I'm hoping someone can put this into perspective. What I have are start and end date/time stamps for a process that runs periodically. Then I have a log file which is recording events the whole time through. How would I find my range between the start and end date/time stamps and query the log file for any events that occurred during that range?The date/time in the log file looks like this Fri Mar 14 01:08:57 2008. I have a simple compare routine now, but I'm currently breaking down each attribute. So I compare in this order: year, month, day, hour, min, sec. My current methodology is faulty, because if I get all the way down to the seconds then my compare breaks because the range may span over 1 minute which means all 60 seconds would be valid. In fact the range may elapse hours, minutes, or seconds.It's sloppy but here is some of my existing code.expandcollapse popup$logfile = FileOpen("C:\test.txt", 0) If $logfile = -1 Then MsgBox(0, "Error", "Unable to open file.") Exit -1 Else ;FileRead($logfile) EndIf $startdate = StringSplit(@YEAR & "," & @Mon & "," & @MDAY & "," & @HOUR & "," & @MIN & "," & @SEC, ",") ;Simulate running the process by creating a gap in the start/end range Sleep(10000) $endtime = StringSplit(@YEAR & "," & @Mon & "," & @MDAY & "," & @HOUR & "," & @MIN & "," & @SEC, ",") LogFind($logfile, $startdate, $endtime, "") Func LogFind($file, $start, $end, $findstring) ;Amount to trim (these are static in the log file) $montrim = 18 $daytrim = 22 $hourtrim = 25 $mintrim = 28 $sectrim = 31 $yeartrim = 34 $trim = 39 ;notepad for testing only While WinExists("", "notepad") $line = FileReadLine($file) If @error <> -1 Then ;Skip the week day (we don't care about that) ;Find $year variable $year = StringMid($line, $yeartrim, 4) ;Compare $year to start and end If $year >= $start[1] And $year <= $end[1] Then ;$next = True Else If $year > $end[1] Then Return 1 Else ContinueLoop EndIf EndIf ;Find $mon variable $mon = StringMid($line, $montrim, 3) ;Convert $mon to numbers If Not IsNumber($mon) Then $mon = Month($mon) EndIf ;Compare $month to start and end If $mon >= $start[2] And $mon <= $end[2] Then ;$next = True Else If $mon > $end[2] Then Return 1 Else ContinueLoop EndIf EndIf ;Find $day variable $day = StringMid($line, $daytrim, 2) ;Compare $day to start and end If $day >= $start[3] And $day <= $end[3] Then ;$next = True Else If $day > $end[3] Then Return 1 Else ContinueLoop EndIf EndIf ;Find $hour variable $hour = StringMid($line, $hourtrim, 2) ;Compare $hour to start and end If $hour >= $start[4] And $hour <= $end[4] Then ;$next = True Else If $hour > $end[4] Then Return 1 Else ContinueLoop EndIf EndIf ;Find $min variable $min = StringMid($line, $mintrim, 2) ;Compare $min to start and end If $min >= $start[5] And $min <= $end[5] Then ;$next = True Else If $min > $end[5] Then Return 1 Else ContinueLoop EndIf EndIf ;Find $sec variable $sec = StringMid($line, $sectrim, 2) ;Compare $sec to start and end If $sec >= $start[6] And $sec <= $end[6] Then ;$next = True Else If $sec > $end[6] Then Return 1 Else ContinueLoop EndIf EndIf EndIf Wend FileClose($file) EndFunc Link to comment Share on other sites More sharing options...
ptrex Posted March 26, 2008 Share Posted March 26, 2008 @Cyri For this there is only one good tool. see MS LogParser in AU3regardsptrex Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New Link to comment Share on other sites More sharing options...
Cyri Posted March 26, 2008 Author Share Posted March 26, 2008 Thanks for the tip on Log Parser. I've used it in the past to query event logs on remote computers. However, I don't believe it's going to address my situation. I don't think the log file falls under any of the input formats mentioned. I double checked against the Log Parser documentation and it's closest to URLSCAN, but not spot on. That means I would probably need to use the TEXTLINE or TEXTWORD to query the log file which won't get me any closer to my goal. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now