Created
July 25, 2022 18:56
-
-
Save gelosi/1a1a4ebb8f7406614ac790ddb0dc30d2 to your computer and use it in GitHub Desktop.
primitive analysing mac system log looking for gaps (e.g. sleep/off times) MacOS Sierra [ newer would requre changes in grep ]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pathlib | |
| import argparse | |
| import re | |
| import datetime | |
| parser = argparse.ArgumentParser(description="Looking for gaps in syslogs") | |
| parser.add_argument("log", type=pathlib.Path, help="Path to syslog dump") | |
| parser.add_argument("-m", "--min-interval", type=int, default=7200, help="Minimal Interval in seconds to print out (default is 2h / 7200 seconds)") | |
| parser.add_argument("-r", "--regexp", type=str, help="also look for strings expressed by Regular Expression (python's re syntax)") | |
| parser.add_argument("--debug", type=int, help="Stop After X Lines parsed (debug option)") | |
| # args = parser.parse_args(["log-jul-7.txt"]) | |
| args = parser.parse_args(["sys-jul-6.log.txt", "--debug", "1000", "-r", "'kernel:.*AppleACPIPlatform.*(Wake reason:.*)'"]) | |
| lineCount = 0 | |
| previousDate = None | |
| previousLine = "" | |
| maxDiffTime = datetime.timedelta(0) | |
| maxDiffLine = "" | |
| mioLinesTimeStart = datetime.datetime.now() | |
| with open(args.log) as log: | |
| for line in log: | |
| # this line might need edits, depending on MacOS version | |
| timeRecordResult = re.search('^(\d+-\d+-\d+ \d+:\d+:\d+.\d+\+\d+)', line) | |
| if timeRecordResult: | |
| timeString = timeRecordResult.group(1) | |
| if timeString: | |
| # date = datetime.datetime.fromisoformat(timeString) | |
| date = datetime.datetime.strptime(timeString, "%Y-%m-%d %H:%M:%S.%f%z") | |
| if previousDate: | |
| diff = date - previousDate | |
| # diff is 'timedelta' object | |
| # diff's total_seconds() will be always positive number | |
| # diff's days -> will actually set 'base' for diff moving forward or backward in time /shrug | |
| # i check diff.days to understand if we have 'wicked' records (with huge past interval) | |
| # those recodrds can appear at early system start, and only create confusion | |
| # therefore -> i try ignoring them | |
| if diff.days < -1: | |
| if args.debug: | |
| print(f"[ignore]👉: {line}") | |
| continue | |
| # print(f"diff: {diff.total_seconds()} for {date} and {previousDate}") | |
| if diff.total_seconds() > maxDiffTime.total_seconds(): | |
| maxDiffTime = diff | |
| maxDiffLine = line | |
| #print out 'big' time diffs | |
| if diff.total_seconds() >= args.min_interval: | |
| printableDiff = str(diff).split(".")[0]#drop microseconds precision | |
| print(f"⏱ {printableDiff} : {previousLine[0:31]} → {line[0:80]}") | |
| # in case of provided Regular Expression | |
| # analyse a bit of line value (and print out if we have something interesting for us) | |
| if args.regexp: | |
| reLine = re.search(args.regexp, line) | |
| if reLine: | |
| wakeInfo = reLine.group(1) | |
| if wakeInfo: | |
| print(f" ↪ {date.strftime('%y-%m-%d %H:%M:%S.%f')} {wakeInfo}\n\t👉{line}") | |
| print(f" ↪ {reLine}") | |
| print(f" ↪ {reLine[0]}") | |
| # cache for a moment previous line | |
| previousDate = date | |
| previousLine = line | |
| # exit(0) | |
| # else: | |
| # print(f"FAILED: {line}") | |
| lineCount += 1 | |
| if args.debug and lineCount >= args.debug: | |
| print(f"debug run of {args.debug} lines done [{lineCount} parsed]") | |
| break | |
| if lineCount % 1000000 == 0: | |
| currentTime = datetime.datetime.now() | |
| print(f"{lineCount/1000000}mio lines analysed in {currentTime - mioLinesTimeStart}") | |
| mioLinesTimeStart = currentTime | |
| print(f"MaxDiffTime is: {maxDiffTime} AT: {maxDiffLine}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment