Need to do date conversion and evaluation in unix (epoch)

So what I need to accomplish is to make a unix shell script that I assume I will run as a cron task.  This script will need to do an action based on if it sees an entry x number of times in y period of time.  It needs to read a file that will look like this

Nov 13, 2008 4:18:22 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:32984
Nov 13, 2008 4:18:36 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:32990
Nov 13, 2008 4:18:50 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:32990
Nov 13, 2008 4:19:04 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:32996
Nov 13, 2008 4:19:18 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:32996
Nov 13, 2008 4:19:32 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33002
Nov 13, 2008 4:19:46 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33002
Nov 13, 2008 4:19:58 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33008
Nov 13, 2008 4:20:11 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33008
Nov 13, 2008 4:20:25 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33014
Nov 13, 2008 4:20:39 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33014
Nov 13, 2008 4:20:52 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33020
Nov 13, 2008 4:21:06 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33020
Nov 13, 2008 4:21:19 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33026
Nov 13, 2008 4:21:32 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33026
Nov 13, 2008 4:21:46 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33032
Nov 13, 2008 4:21:59 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33032
Nov 13, 2008 4:22:15 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33038
Nov 13, 2008 4:22:29 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33038
Nov 13, 2008 4:22:43 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33044
Nov 13, 2008 4:22:56 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33044
Nov 13, 2008 4:23:10 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33050
Nov 13, 2008 4:23:24 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33050
Nov 13, 2008 4:23:36 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33056
Nov 13, 2008 4:23:49 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33056
Nov 13, 2008 4:24:02 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:33062
Nov 13, 2008 4:24:17 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.208:33062
Nov 13, 2008 4:41:56 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.208:32782
Nov 14, 2008 1:26:50 AM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.193:33067
Nov 14, 2008 1:26:53 AM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.193:33073
Nov 14, 2008 8:54:36 PM CET NBBS Major NBBS-6000 Cluster node dropped: 10.97.39.193:33073
Nov 14, 2008 8:54:58 PM CET NBBS Normal NBBS-6001 Cluster node joined: 10.97.39.193:33079
Nov 15, 2008 4:42:27 PM CET NBBS Critical NBBS-2000 Cannot contact database
Nov 15, 2008 4:42:27 PM CET NBBS Critical NBBS-2000 Cannot contact database
Nov 15, 2008 4:42:27 PM CET NBBS Critical NBBS-2000 Cannot contact database

I will need to look for event Cluster node dropped and have a setable x and y value.  for example if x was 5 and y was 30 I will need to figure out if that line has appeared 5 times in the last 30 minutes.  I tried converting things to epoch time and comparing but not getting very far.  I also had something that would work in perl but perl is removed from these machines (Solaris 9 sparc) and cannot be installed.

Bash is available

Also if anyone has any ideas as to how I can tell if I already restarted and if the events have already been seen (not a good explaination) that would be nice too.

At the end of the day If a node has dropped x time in y period of time I want to restart the node but then I don't want to restart it again unless there are x new drops in y period.  I also need to get the ip out of the message for the node this happened on to restart.  thanks in advance.

Type11Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hugh FraserConsultantCommented:
There's a perl package called SEC (Simple Event Correlation) that can do what you want in realtime. It tails files, and implements correlation rules that trigger actions. The coirelation rules can be something like "execute command x if you see event a happen 5 times in 30 minutes".

I've used this to watch network switch events to recognize patterns and reduce event notifications to something that's reasonable to be paged on.

Note that SEC works in realtime. It's not suited for processing historical events.
0
Type11Author Commented:
Thanks for the advise.  I wish I could use perl but it was removed as part of hardening.  so it will need to be using basic unix commands and shell script.  thanks though
0
mikelfritzCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dzamfirCommented:
Hi. Are you still here? I can help you with this.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.