I am trying to get information about a USB connected in Linux from the syslog file (/ var / log / messages).
To do this, I read the log file and received the information. Now, what am I doing, I read the syslog file and tried to find the latest appearance (recently connected USB drive) "New USB device found." then I try to read the next 16 lines after that to get information about USB (size, serial number, manufacturer, etc.).
I am currently using the following syntax:
grep -A 20 -e 'New USB device found' /var/log/messages | tail -n 16 > usb_detail
But this syntax fails in one case. if there are 25 lines after "New USB ...", then I will get the last 16, and then I will skip the actual information that is required. if after "New USB ..." there are only 16 lines, then it will work fine, and I will get the necessary information.
So, I want to get 16 lines immediately after the last appearance of "New USB device found". Not the last 16 lines after "New USB device found".
Please let me know if my question is not clear. Thanks in advance for your time.
source
share