diff --git a/pull-logs.sh b/pull-logs.sh
index 453cde4..0a0eccb 100644
--- a/pull-logs.sh
+++ b/pull-logs.sh
@@ -1,29 +1,71 @@
 #!/bin/bash
 # Check if correct number of arguments are passed
-if [ "$#" -ne 4 ]; then
- echo "Usage: $0 "
- echo "Example: $0 2024-09-26 08:00:00 2024-09-26 12:00:00"
+if [ "$#" -ne 3 ]; then
+ echo "Usage: $0 "
+ echo "Example: $0 2024-09-28 11:35 5"
+ echo "The time range is in minutes."
 exit 1
 fi
-START_DATE=$1
-START_TIME=$2
-END_DATE=$3
-END_TIME=$4
+TARGET_DATE=$1
+TARGET_TIME=$2
+RANGE=$3
-# Combine date and time into the format expected by journalctl
-START="$START_DATE $START_TIME"
-END="$END_DATE $END_TIME"
+# Combine date and time for start and end times
+START=$(date -d "$TARGET_DATE $TARGET_TIME - $RANGE minutes" +"%Y-%m-%d %H:%M:%S")
+END=$(date -d "$TARGET_DATE $TARGET_TIME + $RANGE minutes" +"%Y-%m-%d %H:%M:%S")
-# Check if journalctl is available on the server
-if ! command -v journalctl &> /dev/null
-then
- echo "journalctl could not be found. Please install it first."
- exit 1
-fi
+echo "Collecting logs from $START to $END"
-# Fetch logs from the given date/time range
-journalctl --since="$START" --until="$END" > /tmp/logs_${START_DATE}_${START_TIME}_to_${END_DATE}_${END_TIME}.log
+# Function to check journalctl logs
+get_journalctl_logs() {
+ if command -v journalctl &> /dev/null; then
+ echo "----- Journalctl Logs -----"
+ journalctl --since="$START" --until="$END"
+ else
+ echo "journalctl not found, skipping..."
+ fi
+}
-echo "Logs from $START to $END have been saved to /tmp/logs_${START_DATE}_${START_TIME}_to_${END_DATE}_${END_TIME}.log"
+# Function to check logs in /var/log
+get_var_log_logs() {
+ echo "----- /var/log Logs -----"
+ log_files=(/var/log/syslog /var/log/auth.log /var/log/kern.log /var/log/dmesg)
+
+ for log in "${log_files[@]}"; do
+ if [[ -f $log ]]; then
+ echo "Logs from $log"
+ awk -v start="$START" -v end="$END" '{
+ # Extract date and time from each line depending on log format
+ logtime = $1 " " $2 " " $3
+ logtime_epoch = mktime(gensub(/-|:/, " ", "g", logtime))
+ start_epoch = mktime(gensub(/-|:/, " ", "g", start))
+ end_epoch = mktime(gensub(/-|:/, " ", "g", end))
+ if (logtime_epoch >= start_epoch && logtime_epoch <= end_epoch) {
+ print $0
+ }
+ }' $log
+ else
+ echo "$log not found, skipping..."
+ fi
+ done
+}
+
+# Function to check logs of specific services like nginx or apache2
+get_service_logs() {
+ echo "----- Service Logs (nginx, apache, mysql, etc.) -----"
+
+ # Add specific service logs as needed
+ service_logs=(/var/log/nginx/access.log /var/log/nginx/error.log /var/log/apache2/access.log /var/log/mysql/error.log)
+
+ for log in "${service_logs[@]}"; do
+ if [[ -f $log ]]; then
+ echo "Logs from $log"
+ awk -v start="$START" -v end="$END" '{
+ # Similar to /var/log, but make adjustments if needed for service-specific formats
+ logtime = $1 " " $2
+ logtime_epoch = mktime(gensub(/-|:/, " ", "g", logtime))
+ start_epoch = mktime(gensub(/-|:/, " ", "g", start))
+ end_epoch = mktime(gensub(/-|:/, " ", "g", end))
+ if (logtime_epoch >= start_ep