On Tue, Aug 14, 2007 at 03:07:37PM -0400, Will Murnane wrote: > On 8/14/07, Andrew Suffield <[EMAIL PROTECTED]> wrote: > > That seems correctable. Pass the log through tac, use head instead of > > tail, and pass the output of head through tac again. > 'tail' is much faster. Even with a huge file (the one I tested with > is 26 gigabytes) it simply mmap()s the file and then scans backwards > until it's got enough newlines - it took about 1/20th of a second on > that 26GB file. Perhaps shorewall is using a different, less > efficient method?
It's (source) | grep | sed | sed | tail. I can't see any straightforward way to improve it other than (source) | tac | grep | head | tac | sed | sed. Note that the problem is of the form "find the last 20 (lines matching the regexp)"; if it was "(find the last 20 lines) matching the regexp" then using tail directly on the file would indeed be faster. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
