search-w3.sh
File:
iis/iis_scripts/search-w3.sh
# search-w3.sh
#!/bin/bash
#
# Search W3C IIS logs (auto-parses field positions from #Fields: header)
#
# Usage:
# cd /rootA/inetpub
# ./search-w3.sh --code "403"
# ./search-w3.sh --path "/OrderTests" --time "14:00:00-15:00:00"
# ./search-w3.sh --code "403" --path "/api/order"
#
# Options:
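# --path : URL pattern matched against cs-uri-stem as an awk regular expression (e.g. "/OrderTests")
# --time : Time range, START-END, compared as text against the time field (e.g. "14:00:00-15:00:00")
# --code : HTTP status code (exact match, e.g. "403")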
#
# Output: Opens fzf with preview, press Enter to open in editor
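# Filters chosen on the command line; an empty value means "do not filter".
path_pattern=""
time_start=""
time_end=""
error_code=""

#######################################
# Parse the command-line filters into the global filter variables.
# Globals:   path_pattern, time_start, time_end, error_code (written)
# Arguments: the script's own arguments ("$@")
# Outputs:   diagnostics on stderr
# Returns:   0 on success; exits with status 2 when an option has no value
#######################################
parse_search_args() {
  local time_range
  while (( $# > 0 )); do
    # "shift 2" with a single argument left fails without shifting anything,
    # so a trailing option with no value would make this loop spin forever.
    if [[ "$1" == --path || "$1" == --time || "$1" == --code ]] \
      && (( $# < 2 )); then
      printf 'search-w3: option %s requires a value\n' "$1" >&2
      exit 2
    fi
    case "$1" in
      --path)
        path_pattern=$2
        shift 2
        ;;
      --time)
        # START-END: the text before the first '-' is the start, the text
        # between the first and second '-' is the end. A value without any
        # '-' is used as both start and end.
        time_range=$2
        time_start=${time_range%%-*}
        time_range=${time_range#*-}
        time_end=${time_range%%-*}
        shift 2
        ;;
      --code)
        error_code=$2
        shift 2
        ;;
      *)
        # Still ignored, but say so: a mistyped option would otherwise run
        # the search with that filter silently missing.
        printf 'search-w3: ignoring unrecognised argument: %s\n' "$1" >&2
        shift
        ;;
    esac
  done
}

parse_search_args "$@"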
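# Scan every regular file below the current directory, print each request
# that passes the filters as "file:line:record", and hand the hits to fzf.
#
# Log records are built from client-supplied request data, so the text of a
# hit is untrusted. Only the file name and the line number are ever passed to
# the preview and editor commands, never the record itself.
#
# NUL-delimited names plus "read -r -d ''" keep paths containing spaces or
# backslashes intact.
find . -type f -print0 | while IFS= read -r -d '' file; do
  # fzf splits each hit on ':' and the commands below use field 1 as the file
  # and field 2 as the line number. A path containing ':' or a newline would
  # shift those fields, so such files are reported and skipped.
  if [[ "$file" == *:* || "$file" == *$'\n'* ]]; then
    printf 'search-w3: skipping unsupported file name: %q\n' "$file" >&2
    continue
  fi

  # One awk pass per file:
  #  - the #Fields: header is parsed wherever it appears, so a header that is
  #    written again later in the same file is honoured;
  #  - a filter whose column is not known yet rejects the record instead of
  #    being compared against the whole line;
  #  - the trailing CR of CRLF-terminated logs is dropped so the last column
  #    compares cleanly;
  #  - the URL pattern travels through the environment because "awk -v"
  #    rewrites backslash escapes, which would corrupt a regex such as
  #    '\.aspx$'.
  SEARCH_W3_PATH="$path_pattern" awk \
    -v tstart="$time_start" -v tend="$time_end" -v code="$error_code" '
    BEGIN { path = ENVIRON["SEARCH_W3_PATH"] }

    { sub(/\r$/, "") }

    /^#Fields:/ {
      # $1 is "#Fields:", so the name in position i describes column i-1.
      tc = 0; uc = 0; sc = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "time") tc = i - 1
        else if ($i == "cs-uri-stem") uc = i - 1
        else if ($i == "sc-status") sc = i - 1
      }
      next
    }

    /^#/ { next }

    {
      if ((tstart != "" || tend != "") && !tc) next
      if (path != "" && !uc) next
      if (code != "" && !sc) next

      # Times are compared as text, which orders zero-padded HH:MM:SS values.
      if (tstart != "" && $tc < tstart) next
      if (tend != "" && $tc > tend) next
      if (path != "" && $uc !~ path) next
      if (code != "" && $sc != code) next

      print FILENAME ":" FNR ":" $0
    }
  ' "$file"
done | fzf --ansi \
  --delimiter=: \
  --preview 'bat --color=always --highlight-line {2} --line-range {2}: {1} 2>/dev/null || awk -v n={2} "NR >= n - 5 && NR <= n + 5" {1}' \
  --preview-window 'right:60%:+{2}-5' \
  --bind 'enter:execute(${EDITOR:-vim} +{2} {1})'
# The single quotes above are deliberate: fzf substitutes {1}/{2} itself and
# ${EDITOR:-vim} is expanded by the shell fzf starts, not by this script.
#
# The fallback preview (used when bat is missing or fails) prints lines n-5 to
# n+5 with awk. The earlier sed range built with $((n-5)) produced an invalid
# address for hits in the first five lines of a file, and it put the field
# through shell arithmetic; awk only compares it as a number.
#
# NOTE(review): bat is told to start its output at the hit line while the
# preview window is also scrolled by +{2}-5; confirm the highlighted line
# stays visible for hits deep inside a file.
# NOTE(review): nothing in this pipeline emits colour codes, so --ansi only
# acts on escape sequences already present in the log records; confirm the
# flag is still wanted.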