Here's the sample code. I assume that you are working with Linux's GNU date command, and that your log is sorted in time order. BOOT_TIME and TMP2 would be something like 2014-05-12 21:51.

See http://tldp.org/LDP/abs/html/string-manipulation.html for what ${VAR#} and ${VAR%} mean.

NOTE: who -b does not seem to work if no user is logged in. See the following URL for more details:
https://superuser.com/questions/263486/linux-getting-date-time-of-system-startup
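#!/bin/bash
# Boot time as "YYYY-MM-DD HH:MM", derived from the uptime in /proc/uptime (GNU date).
BOOT_TIME=$(date +"%F %H:%M" -d "$(cut -f1 -d. /proc/uptime) seconds ago")
REBOOT_FLAG=""
# Read the log from stdin; IFS= and -r keep whitespace and backslashes intact.
while IFS= read -r line; do
    # Cut at the first "]" (%% = longest match) so a "]" later in the
    # message does not end up in the timestamp, then drop the leading "[".
    TMP1=${line%%]*}
    TMP2=${TMP1#[}
    # Print the marker once, before the first entry newer than the boot time.
    if [ -z "$REBOOT_FLAG" ] && [ "$TMP2" \> "$BOOT_TIME" ]; then
        echo REBOOTED
        REBOOT_FLAG="true"
    fi
    echo "$line"
done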
Use it like:
$ ./this-script.sh < logfile
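The same marker logic as an added example (not part of the original answer), with the boot time passed in as an argument so the behaviour can be checked on fixed input, and with lines that do not start with a `[YYYY-MM-DD HH:MM]` timestamp passed through instead of being compared as if they were dates. `mark_reboot` and `sample_log` are hypothetical names, and the log lines are constructed.

```bash
#!/bin/bash
# Added example, not part of the original answer. mark_reboot and sample_log
# are hypothetical names; the log lines are constructed.

# Usage: mark_reboot "YYYY-MM-DD HH:MM" < logfile
# Prints REBOOTED once, before the first entry newer than the given boot time.
mark_reboot() (
    boot_time=$1
    marked=""
    while IFS= read -r line || [ -n "$line" ]; do
        if [ -z "$marked" ]; then
            case $line in
                "["[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]" "[0-9][0-9]:[0-9][0-9]"]"*)
                    ts=${line#?}      # drop the leading "["
                    ts=${ts%%]*}      # cut at the first "]"
                    # expr compares the x-prefixed values as strings
                    if expr "x$ts" \> "x$boot_time" >/dev/null; then
                        echo REBOOTED
                        marked=true
                    fi
                    ;;
                # anything else (e.g. a stack trace line) is only echoed
            esac
        fi
        printf '%s\n' "$line"
    done
)

# Constructed log: one untimestamped line and two messages containing "]".
sample_log() {
    cat <<'EOF'
[2014-05-12 21:40] cron: job started
Traceback (most recent call last):
[2014-05-12 21:50] cron: job failed [exit 1]
[2014-05-12 21:52] kernel: cpu [0] online
[2014-05-12 21:53] sshd: listening
EOF
}

sample_log | mark_reboot "2014-05-12 21:51"
```

Without the format check, the `Traceback` line would be compared as a string against the boot time and sort after it, putting the marker in the wrong place.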