
How to "tail" the modsecurity logfile until a certain timestamp?


I have a modsecurity logfile where I want to get the last events until a certain timestamp. A short introduction to how modsecurity logfiles are assembled: for example, one event is presented like:

--8b014015-A--
[16/Mar/2016:20:13:02 +0100]
...omitted... 
--8b014015-B--
...omitted... 
--8b014015-F--
...omitted... 
--8b014015-H--
...omitted... 
--8b014015-Z--

A full example can be found here http://pastebin.com/M1iqnY6L

I was thinking to combine tail and grep.

  1. grep to find the line of the timestamp (let's call this line timestampLine)
  2. tailLines = (total lines in the file) - (timestampLine + 1)
    //+ 1 because a request has the first line with --id-A-- and second line the timestamp
  3. tail -n $tailLines logfile.log

Is there a better way? If not, how do I grep this timestamp and get the line-number from step 1?


Solution

  • awk '{print};/\[16\/Mar\/2016:20:13:02/ {exit}' logfile
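An event-aware variant, added here as an example and not part of the original answer: it goes beyond matching one literal timestamp and prints every complete event (from its `--id-A--` boundary onward) whose section-A timestamp is at or after a cutoff, so it still works when the exact second is not in the log. The function name `modsec_events_since` is hypothetical, and the code assumes a serial audit log in which every entry carries the same UTC offset.

```shell
# Print every complete audit-log event whose section-A timestamp is at or
# after the cutoff.
# Usage: modsec_events_since '16/Mar/2016:20:13:02' logfile.log
modsec_events_since() {
  awk -v cutoff="$1" '
    # Turn "16/Mar/2016:20:13:02 +0100" into the sortable string
    # 20160316201302. Assumption: the UTC offset is the same for every
    # entry, so it is ignored.
    function key(ts,   p, m) {
      split(ts, p, "[/: ]")
      m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", p[2]) + 2) / 3
      return p[3] sprintf("%02d", m) p[1] p[4] p[5] p[6]
    }
    BEGIN { want = key(cutoff) }

    # Section A boundary: hold it back until the timestamp has been read.
    /^--[0-9a-fA-F]+-A--$/ { header = $0; pending = 1; show = 0; next }

    # The first line after the A boundary begins with [timestamp].
    pending {
      pending = 0
      ts = $0
      sub(/^\[/, "", ts)
      sub(/\].*/, "", ts)
      show = (key(ts) >= want)      # fixed-width strings, so this sorts by time
      if (show) print header
    }

    # Everything up to the next A boundary belongs to the current event.
    show { print }
  ' "$2"
}
```

Comparing the raw `dd/Mon/yyyy` text would order `29/Feb` after `01/Mar`, which is why the timestamp is converted to a year-first key before the comparison.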