linux - 为什么grep不能在查询中捕获冒号

Question

我尝试从syslog中查找带有冒号的2月定义日期的错误。但是在所有情况下使用grep都没有运气：

％grep“ 18:18:25” / var / log / messages＃我需要2月
％grep“ *：18：25” / var / log / messages＃我需要2月
％grep“ ^ *：18:25” / var / log / messages＃我需要2月
％grep“ ^。*：18:25” / var / log / messages＃我需要2月

％grep -e“ ^。* 18:18:25” / var / log / messages＃我需要2月
％grep -e“ ^ .18：18：25” / var / log / messages＃我需要2月
％grep -e“ ^ 18：18：25” / var / log / messages＃我需要2月
％grep -e“ ^ Feb.18：18：25” / var / log / messages
％grep -e“ ^ Feb。：18：25” / var / log / messages
％grep -e“ ^ Feb。*：18:25” / var / log / messages


可能存在更完善的程序吗？

Answer 1

已经尝试过使用我的本地日志，它可以工作。以下是消息日志

**[root@applekm ~]# cat /var/log/messages**
Feb  9 03:40:04 applekm kernel: imklog 4.6.2, log source = /proc/kmsg started.
Feb  9 03:40:04 applekm rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="2077" x-info="http://www.rsyslog.com"] (re)start
Feb  9 03:40:24 applekm rhsmd: This system is registered to RHN Classic
Feb 10 03:10:03 applekm rhsmd: This system is registered to RHN Classic
Feb 11 03:14:28 applekm rhsmd: This system is registered to RHN Classic
Feb 11 11:59:28 applekm abrt[31046]: saved core dump of pid 31032 (/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java) to /var/spool/abrt/ccpp-2014-02-11-11:59:27-31032.new/coredump (590483456 bytes)
Feb 11 11:59:28 applekm abrt[31046]: /var/spool/abrt is 1738308913 bytes (more than 1279 MB), deleting 'ccpp-2014-01-07-20:49:05-7481'
Feb 12 03:49:07 applekm rhsmd: This system is registered to RHN Classic
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 11:32:37 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 12 23:16:19 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 03:44:47 applekm rhsmd: This system is registered to RHN Classic
Feb 13 12:10:01 applekm auditd[2050]: Audit daemon rotating log files
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 14 03:14:18 applekm rhsmd: This system is registered to RHN Classic

使用grep本身，查找模式/ ^ Feb日期/（即）以2月，空格，所需日期和一个空格开头的行。

[root@applekm ~]# grep "^Feb 13 " /var/log/messages 
Feb 13 03:44:47 applekm rhsmd: This system is registered to RHN Classic
Feb 13 12:10:01 applekm auditd[2050]: Audit daemon rotating log files
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:48 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
Feb 13 23:22:49 applekm SYMBDSNAP_SDK[1951]: Failed to open device: /dev/symbdsnapctl, errno: 2.
[root@applekm ~]# 
[root@applekm ~]# 
[root@applekm ~]# grep "^Feb 14 " /var/log/messages
Feb 14 03:14:18 applekm rhsmd: This system is registered to RHN Classic
[root@applekm ~]# 

希望会有所帮助。