我在以下目录...
的/ var /数/舍
我想要一个脚本检查是否有任何行以'错误'并包含一个单词' NotAuthorized'并且不包含' 13024'或' 31071'。
在/ var / log / homes /中,有700个文件,但这并不重要...
以下是我所拥有的......
#!/bin/bash
host=`hostname`
date=`date`
monitor='Error'
pattern='Error'
pattern2='NotAuthorized'
ignore=13024
ignore2=31071
logfile='/var/log/homes/*'
mailto='test@linux.com'
if [ -e $logfile ]
then
if [ `grep -i "$pattern" "$pattern2" "$logfile" | grep -v $ignore $ignore ]
then
echo "Errors found in $monitor at $date - see log $logfile on server $host for full details" |mail -s "ALERT - $errors in logs, please review" $mailto
elif [ `grep -i "$pattern2" "$logfile" |wc -l` -lt 1 ]
fi
else
echo "Logfile $logfile doesn't exist on server $host at $date, this is probably bad, please investigate" |mail -s "ALERT - $monitor monitor has an issue" $mailto
fi
答案 0 :(得分:1)
这应该有效:
grep "^Error" $logfile | grep "NotAuthorized" | grep -v "13024" | grep -v "31071"
grep "^Error":获取第i行"错误" grep "NotAuthorized":获取包含" NotAuthorized" grep -v "XXX":获取不包含" XXX" 答案 1 :(得分:1)
对我来说很好看。如果你使用所有这些条件,只需交叉检查:
grep "^Error" $file | grep "NotAuthorized" | grep -Ev "31071|13024"
^^^^^^^ ^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
lines starting with Error | |
containing NotAuthorized
exclude either lines containing 31071 or 13024
要知道它发生了哪个文件,请在grep:
中使用-H选项
grep -H "^Error" $file | grep "NotAuthorized" | grep -Ev "31071|13024"
所以你们可以一起做:
grep -H "^Error" /var/log/homes/* | grep "NotAuthorized" | grep -Ev "31071|13024"
答案 2 :(得分:0)
打印任何以“错误”开头并包含“NotAuthorized”字样并且不包含“13024”或“31071”的行:
sed -n '/^Error/{/NotAuthorized/{/13024/!{/31071/!p}}}'
答案 3 :(得分:0)
这awk可能会:
awk '/^Error/ && /NotAuthorized/ && !/31071|13024/' $logfile