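BASH - How can I get the IP addresses and build the expected list?

Time: 2014-02-14 06:07:45

Tags: bash awk

How can I search a file for lines like these and get only the IP address at the end: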

2014-02-14 06:42:00.527219 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 172.246.198.82
2014-02-14 06:50:44.967314 [WARNING] sofia_reg.c:2701 Can't find user [500@xxxxxx] from 172.246.162.250
2014-02-14 06:54:38.587312 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 172.246.198.82
2014-02-14 07:05:32.667277 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 172.246.198.82
2014-02-14 07:10:08.067256 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 188.138.118.22
2014-02-14 07:16:29.747256 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 172.246.198.82
2014-02-14 07:30:16.587253 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 188.138.118.22
2014-02-14 07:46:10.727254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:11.247254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:11.767254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:12.267221 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:12.767224 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:13.307251 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:13.767254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:14.587252 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:15.267221 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:16.007254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:16.507251 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:20.347236 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 07:46:20.807254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 207.244.67.213
2014-02-14 08:01:18.467226 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 188.138.118.22
2014-02-14 08:32:18.127200 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 188.138.118.22
2014-02-14 09:00:29.967234 [WARNING] sofia_reg.c:2701 Can't find user [3000@xxxxxx] from 172.246.162.250
2014-02-14 09:03:13.207173 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 188.138.118.22
2014-02-14 09:07:35.747256 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:36.187216 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:36.627217 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:37.067262 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:37.507219 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:37.927256 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:38.307205 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:38.947256 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:39.587246 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:40.327255 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:40.767255 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:41.207189 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:41.667163 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:07:42.107255 [WARNING] sofia_reg.c:2701 Can't find user [6000@xxxxxx] from 207.244.67.213
2014-02-14 09:14:53.367170 [WARNING] sofia_reg.c:2701 Can't find user [3000@xxxxxx] from 172.246.162.250
2014-02-14 09:18:57.127288 [WARNING] sofia_reg.c:2701 Can't find user [340136@xxxxxx] from 199.115.112.66

And from the above, produce a list like the following:

-A INPUT -s 176.58.71.212/32 -j DROP
..

I tried this, but it did not work as expected:

grep "Can't find user" /usr/local/freeswitch/log/freeswitch.log | awk '{print $10}' | xargs echo "-A \n"

2 answers:

Answer 0 (score: 2)

A simple solution is as follows:

grep "Can't find user" /usr/local/freeswitch/log/freeswitch.log | \
awk '{print "-A INPUT -s " $10 "/32 -j DROP"}'

As requested in the comments, you want to remove duplicates. This can be achieved as follows:

grep "Can't find user" /usr/local/freeswitch/log/freeswitch.log | \
awk '{print "-A INPUT -s " $10 "/32 -j DROP"}' | sort -u

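As pointed out in the comments, there are other ways to do this that take slightly longer to explain but may also be slightly faster. awk can match the pattern itself, which means we do not need grep. This can be done as follows: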

awk '/find user/ {print "-A INPUT -s " $NF "/32 -j DROP"}' /usr/local/freeswitch/log/freeswitch.log

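N.B. I used the string "find user" rather than "Can't find user" to avoid string escaping problems.

You can also use the awk variable $NF (number of fields) to make your script more robust.

Answer 1 (score: 2)

Try this to avoid duplicates: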

awk '/Can'"'"'t find user/ && !x[$NF]++ { print "-A INPUT -s " $NF "/32 -j DROP" }' /usr/local/freeswitch/log/freeswitch.log
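
Added example, not part of either answer above: the same `$NF` and de-duplication approach, extended so that a rule is emitted only when the last field is a well-formed IPv4 address and the source has failed at least a given number of times. The bracketed user name comes from the remote party and may contain spaces, which shifts `$10`; the function names `sample_log` and `gen_rules`, the threshold argument and the sample lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Constructed sample input modelled on the log format in the question
# (documentation address ranges, not the addresses from the page).
sample_log() {
cat <<'EOF'
2014-02-14 06:42:00.527219 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 192.0.2.10
2014-02-14 07:46:10.727254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 203.0.113.7
2014-02-14 07:46:11.247254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 203.0.113.7
2014-02-14 07:46:11.767254 [WARNING] sofia_reg.c:2701 Can't find user [admin@xxxxxx] from 203.0.113.7
2014-02-14 08:01:18.467226 [WARNING] sofia_reg.c:2701 Can't find user [bob smith@xxxxxx] from 198.51.100.5
2014-02-14 08:02:00.000000 [WARNING] sofia_reg.c:2701 Can't find user [100@xxxxxx] from 999.1.1.1
2014-02-14 08:03:00.000000 [NOTICE] constructed unrelated line from 192.0.2.99
EOF
}

# gen_rules [MIN]: read log lines on stdin and print one DROP rule per
# source address that failed at least MIN times (default 1).
gen_rules() {
    awk -v min="${1:-1}" '
    # "Can.t" sidesteps quoting the apostrophe inside the shell string.
    /Can.t find user/ && $(NF-1) == "from" {
        ip = $NF
        # Accept only four decimal octets in the range 0-255.
        n = split(ip, o, ".")
        ok = (n == 4)
        for (i = 1; i <= n && ok; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                ok = 0
        if (ok) count[ip]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min)
                print "-A INPUT -s " ip "/32 -j DROP"
    }' | sort
}

# Stand-alone run: only sources with three or more failures.
sample_log | gen_rules 3
```

On a real system the input would be the log file itself, for example `gen_rules 3 < /usr/local/freeswitch/log/freeswitch.log`.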