[BBLISA] Does this tool exist?
Aaron D. Ball
adb at enki.net
Tue Apr 19 12:35:59 EDT 2011
Eric asked:
> Is there something that will tell me when there are gaps in a log
> file?
I don't think this is going to happen: there are unfortunately too
many different log formats floating around, and the date can be
anywhere or nowhere in a line and written in any number of ways. The
Unix "small tools" approach has historically stopped short of
human-equivalent natural-language-parsing AI, more's the pity.
I tend to do this sort of thing with a one-off one-liner in a
scripting language. Ruby's Time module includes a parse() function
that does quite well. For example, here's a one-liner that reports
messages in my Ubuntu mail.log on either side of a gap of at least an
hour:
ruby -rtime -ane 't = Time.parse($F[0..2].join " "); puts $om, $_ if $ot and t - $ot >= 3600 ; $ot, $om = t, $_' mail.log
N.B. for those who hear "Rails" every time someone says "Ruby": this
is a very Perlish way of using Ruby, and indeed Ruby has been the new
Perl for me for almost a decade now. I like it because it comes with
more batteries and fewer brackets.
-n iterates over the file line-by-line, putting the result into $_
-a autosplits each line into the $F array; for mail.log the first 3
fields will make up the time
-e supplies the script on the command line
-rtime pulls in the time library
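
The same gap check written out as a script (an added example, not part of the original message). It covers lines with no parseable timestamp, the Dec-to-Jan rollover in year-less syslog stamps, and timestamps that step backwards. The names `parse_stamp` and `find_gaps`, the `start_year` parameter, the UTC assumption and the sample lines are all constructed for illustration.

```ruby
STAMP = /\A([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2})\s/
Gap = Struct.new(:seconds, :before, :after)

# The stamp has no year or zone: the caller supplies the year, UTC is assumed.
def parse_stamp(line, year)
  m = STAMP.match(line) or return nil
  Time.utc(year, m[1], m[2].to_i, m[3].to_i, m[4].to_i, m[5].to_i)
rescue ArgumentError
  nil # matched the shape but is not a real date/time
end

# Returns [gaps, skipped]; start_year is an assumption the caller must supply.
def find_gaps(lines, threshold: 3600, start_year: Time.now.utc.year)
  year, skipped, gaps = start_year, 0, []
  prev_t = prev_line = nil
  lines.each do |line|
    t = parse_stamp(line, year)
    if t.nil?
      skipped += 1 # continuation lines or another format: count, don't guess
      next
    end
    # Dec -> Jan looks like a jump ~1 year back; treat it as a year rollover.
    if prev_t && prev_t - t > 180 * 86_400
      year += 1
      t = parse_stamp(line, year)
    end
    if prev_t
      delta = (t - prev_t).to_i
      # Report long silences, and also stamps that run backwards (negative).
      gaps << Gap.new(delta, prev_line, line) if delta >= threshold || delta < 0
    end
    prev_t, prev_line = t, line
  end
  [gaps, skipped]
end

# Constructed sample lines (not real log data).
SAMPLE = <<~LOG.lines
  Dec 31 22:10:01 mx1 postfix/smtpd[811]: connect from unknown[192.0.2.10]
  Dec 31 22:40:17 mx1 postfix/smtpd[811]: disconnect from unknown[192.0.2.10]
  (continuation line with no timestamp)
  Jan  1 00:05:42 mx1 postfix/qmgr[402]: A1B2C3D4: removed
  Jan  1 00:06:03 mx1 postfix/smtpd[977]: connect from unknown[192.0.2.44]
LOG

if __FILE__ == $0
  find_gaps(SAMPLE, start_year: 2010)[0].each { |g| puts "#{g.seconds}s gap:", g.before, g.after }
end
```

The skipped-line count is returned rather than discarded, so a file that is mostly in some other format shows up as a large count instead of a silent "no gaps" result.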