Get specific time log from Web server access log

Jbn1233
2 min read · Apr 29, 2020

This is my access log

10.6.137.106 - - [27/Apr/2020:12:58:21 +0700] "GET / HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A"  "0.000" "-" 
10.6.137.106 - - [27/Apr/2020:12:58:22 +0700] "GET / HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:23 +0700] "GET / HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:23 +0700] "GET / HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:24 +0700] "GET /cp HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:24 +0700] "GET /cp HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:24 +0700] "GET /cpp HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:24 +0700] "GET /cpp HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:25 +0700] "GET /cppt HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:25 +0700] "GET /cppt HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:25 +0700] "GET /cppto HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.6.137.106 - - [27/Apr/2020:12:58:25 +0700] "GET /cppto HTTP/1.1" 301 178 "-" "WhatsApp/2.20.123 A" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:18 +0700] "GET / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:18 +0700] "GET /home.asp HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:19 +0700] "GET /login.cgi?uri= HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:20 +0700] "GET /vpn/index.html HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:21 +0700] "GET /cgi-bin/luci HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:21 +0700] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:22 +0700] "GET /remote/login?lang=en HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:23 +0700] "GET /index.asp HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"
10.67.43.61 - - [27/Apr/2020:13:30:24 +0700] "GET /htmlV/welcomeMain.htm HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "0.000" "-"

Field $4 is the timestamp. awk splits on whitespace, so it holds text like [27/Apr/2020:12:58:21.

The command below prints every log line from the last 10 seconds.

awk -v Date="$(date -d "now-10 sec" "+[%d/%b/%Y:%H:%M:%S")" '{ if ($4 > Date) print $0 }' access_log

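You can change now-10 sec to any time you want. Don't forget to change the timestamp field; in your log format it may not be $4. Note that $4 > Date is a string comparison that orders by day-of-month first, so it is only reliable when the cutoff and every log line fall within the same month.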
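For logs that span a month boundary, one option is to turn the timestamp into a sortable yyyymmddHHMMSS key before comparing. This is an added example, not code from the original post; the function names `naive_since`, `log_since` and `sample_log` and the sample lines are constructed for illustration, and the key ignores the UTC offset, just as the original command does.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes the timestamp is field 4.

# The post's filter: compare the raw "[dd/Mon/yyyy:HH:MM:SS" text as a string.
# CUTOFF looks like "[30/Apr/2020:23:59:55".
naive_since() {
    awk -v Date="$1" '$4 > Date' "${2:--}"
}

# Same filter on a sortable key. CUTOFF is yyyymmddHHMMSS in the log's local
# time, e.g. from GNU date: date -d "now-10 sec" +%Y%m%d%H%M%S
# Usage: log_since CUTOFF [FILE] [FIELD]   (FILE defaults to stdin, FIELD to 4)
log_since() {
    awk -v cutoff="$1" -v col="${3:-4}" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = sprintf("%02d", i)
    }
    {
        ts = $col                          # e.g. "[27/Apr/2020:12:58:21"
        sub(/^\[/, "", ts)
        # Skip lines whose field is not dd/Mon/yyyy:HH:MM:SS
        if (split(ts, p, "[/:]") != 6 || !(p[2] in mon)) next
        key = p[3] mon[p[2]] p[1] p[4] p[5] p[6]
        # Fixed-width digits, so string order equals time order
        if (length(key) == 14 && key "" > cutoff "") print
    }' "${2:--}"
}

# Constructed sample lines spanning midnight at a month boundary.
sample_log() {
    cat <<'EOF'
192.0.2.1 - - [30/Apr/2020:23:59:50 +0700] "GET /a HTTP/1.1" 200 0 "-" "-" "0.000" "-"
192.0.2.1 - - [30/Apr/2020:23:59:58 +0700] "GET /b HTTP/1.1" 200 0 "-" "-" "0.000" "-"
192.0.2.1 - - [01/May/2020:00:00:03 +0700] "GET /c HTTP/1.1" 200 0 "-" "-" "0.000" "-"
EOF
}

# Cutoff 23:59:55 on 30 Apr: the string compare drops the 1 May request.
echo "string compare:"
sample_log | naive_since "[30/Apr/2020:23:59:55"
echo "sortable key:"
sample_log | log_since 20200430235955
```

When pulling a time window out of a log during an investigation, the dropped 1 May line is the kind of silent gap to check for before trusting the output.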

Done.
