Print all lines where a variable's value is greater than some number



Need help with a unix command:

I want to list/grep all lines from a log file that contain "abdc7dac-abdf-4088-ba87-ca5ee765f3eb" and have etime greater than 5:

Snippet from the log:

access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243079 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242947 op=2 msgID=3 result=0 nentries=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242945 op=2 msgID=3 result=0 nentries=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243083 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2

Expected output:

access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7

grep abdc7dac-abdf-4088-ba87-ca5ee765f3eb logfile |awk -F "etime=" '$2>5{print}' > modifiedlog.txt

Sample output:

auxilus@ubuntu:~$ cat logfile 
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243079 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242947 op=2 msgID=3 result=0 nentries=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242945 op=2 msgID=3 result=0 nentries=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243083 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2
auxilus@ubuntu:~$ grep abdc7dac-abdf-4088-ba87-ca5ee765f3eb logfile |awk -F "etime=" '$2>5{print}'
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
auxilus@ubuntu:~$

A better version:

awk -F "etime=" '/abdc7dac-abdf-4088-ba87-ca5ee765f3eb/ {if ($2>5) {print}}' logfile

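You don't want lines that end with etime= followed by a digit between 0 and 5.
Of the remaining lines, you only want to see those containing abdc7dac-abdf-4088-ba87-ca5ee765f3eb. Combined: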

sed -n '/etime=[0-5]$/d;/abdc7dac-abdf-4088-ba87-ca5ee765f3eb/p' logfile

A simple grep solution using basic regular expressions, which handles a single-digit etime= with a value of 6-9 or any multi-digit etime= (e.g. etime=[6-9] or etime=[0-9][0-9][0-9]*), would be:

$ grep 'abdc7dac-abdf-4088-ba87-ca5ee765f3eb.*etime=\([6-9]\|[0-9][0-9][0-9]*\).*$' file

Using file as input, the result is:

$ grep 'abdc7dac-abdf-4088-ba87-ca5ee765f3eb.*etime=\([6-9]\|[0-9][0-9][0-9]*\).*$' file
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7

If your file also contains etime values with two (or more) digits, those will be captured as well, e.g.

access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=12

You can adjust the numeric ranges to tailor the match as needed.
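
An added example, not taken from any of the answers above: a field-aware variant for triaging slow operations by one identity. It matches the identifier as a fixed string and compares etime numerically even when the value has several digits or is not the last thing on the line (with `-F "etime="`, awk falls back to a string comparison once anything follows the number). The names `slow_ops` and `sample_log`, the sample lines, and the trailing `note=constructed` field are assumptions made for this illustration.

```shell
#!/bin/sh
# slow_ops GUID THRESHOLD FILE  (hypothetical helper, not from the page)
# Prints lines containing GUID whose etime value is greater than THRESHOLD.
slow_ops() {
    awk -v id="$1" -v min="$2" '
        # index() is a fixed-string test, so characters in id are never
        # interpreted as regular-expression metacharacters.
        index($0, id) == 0 { next }
        {
            # Scan from the right: take the rightmost etime= token, so a
            # quoted value that happens to contain "etime=" cannot shadow it.
            for (i = NF; i >= 1; i--) {
                if ($i ~ /^etime=[0-9]+$/) {
                    # +0 forces a numeric comparison, so 12 > 5 holds.
                    if (substr($i, 7) + 0 > min + 0) print
                    break
                }
            }
        }
    ' "$3"
}

# Constructed sample input, modelled on the log lines in the question.
sample_log() {
    cat <<'EOF'
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=1 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=2 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=3 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=12
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=4 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7 note=constructed
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=5 op=2 msgID=3 result=0 nentries=0 etime=9
EOF
}

# Demo run against the constructed sample (prints the conn=1, 3 and 4 lines).
log=$(mktemp)
sample_log > "$log"
slow_ops abdc7dac-abdf-4088-ba87-ca5ee765f3eb 5 "$log"
rm -f "$log"
```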
