How to merge multiple awk commands into one?

Time: 2016-10-08 01:08:17

Tags: awk

I am using awk in a bash shell to analyse syslog, catching the IPs that match what I want, like:

#!/bin/bash
awk -F'[#]|client ' '/query.*denied/{a[$2];b[$2]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",query_denied", b[i]}' /var/log/syslog.1 > output
awk -F'[()]|smtp:|submission:' '/max connection count/{a[$3];b[$3]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",max_connection_count", b[i]}' /var/log/syslog.1 >> output
awk -F'[][]' '/SSL_accept error from unknown/{a[$4];b[$4]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",SSL_accept_error", b[i]}' /var/log/syslog.1 >> output

Is it possible to merge these three awk commands into a single awk, something like this?

#!/bin/bash
awk -F'[#][()]|client|smtp:|submission:' '....' > output

/var/log/syslog.1

Oct  7 02:21:48 ipb named[2677]: client 38.229.33.47#59569: query (cache) 'a998207098p59569i39337.d2016100618000222958.t12135.dnsresearch.cymru.com/A/IN' denied
Oct  7 02:39:12 ipb named[2677]: client 183.56.172.145#20000: query (cache) '2054061883.www.baidu.com/A/IN' denied
Oct  7 04:31:44 ipb named[2677]: client 141.212.122.111#38457: query (cache) 'c.afekv.com/A/IN' denied
Oct  7 05:34:21 ipb named[2677]: client 95.215.60.214#43977: query (cache) 'm24.pl/ANY/IN' denied
Oct  7 06:39:09 ipb named[2677]: client 185.94.111.1#46130: query (cache) 'com/ANY/IN' denied
Oct  7 08:22:08 ipb named[2677]: client 209.126.136.2#52517: query (cache) 'a.gtld-servers.net/A/IN' denied
Oct  7 09:00:09 ipb named[2677]: client 185.141.24.209#42825: query (cache) 'leth.cc/ANY/IN' denied
Oct  7 09:28:25 ipb named[2677]: client 124.232.142.220#38773: query (cache) 'www.google.com/A/IN' denied
Oct  7 12:31:08 ipb named[2677]: client 124.232.142.220#38332: query (cache) 'www.google.it/A/IN' denied
Oct  7 01:36:57 ipb postfix/anvil[15006]: statistics: max connection count 1 for (smtp:223.74.42.35) at Oct  7 01:33:36
Oct  7 03:14:45 ipb postfix/anvil[13320]: statistics: max connection count 1 for (submission:169.56.71.47) at Oct  7 03:11:24
Oct  7 04:16:04 ipb postfix/anvil[7596]: statistics: max connection count 1 for (smtp:223.74.42.155) at Oct  7 04:12:43
Oct  7 09:03:20 ipb postfix/anvil[357]: statistics: max connection count 1 for (smtp:62.219.225.141) at Oct  7 09:00:00
Oct  7 11:47:26 ipb postfix/anvil[28328]: statistics: max connection count 1 for (smtp:81.240.248.53) at Oct  7 11:44:03
Oct  7 13:54:54 ipb postfix/anvil[1113]: statistics: max connection count 1 for (smtp:210.211.102.38) at Oct  7 13:51:33
Oct  7 22:28:26 ipb postfix/anvil[31118]: statistics: max connection count 1 for (smtp:80.82.64.102) at Oct  7 22:25:00
Oct  7 03:11:25 ipb postfix/submission/smtpd[13318]: SSL_accept error from unknown[169.56.71.47]: lost connection

Output

141.212.122.111 ,query_denied               1 
38.229.33.47    ,query_denied               1 
124.232.142.220 ,query_denied               2 
183.56.172.145  ,query_denied               1 
209.126.136.2   ,query_denied               1 
95.215.60.214   ,query_denied               1 
185.94.111.1    ,query_denied               1 
185.141.24.209  ,query_denied               1 
80.82.64.102    ,max_connection_count       1 
169.56.71.47    ,max_connection_count       1 
62.219.225.141  ,max_connection_count       1 
223.74.42.35    ,max_connection_count       1 
81.240.248.53   ,max_connection_count       1 
210.211.102.38  ,max_connection_count       1 
223.74.42.155   ,max_connection_count       1 
169.56.71.47    ,SSL_accept_error           1 

I tried:

#!/bin/bash
awk -F'[][()#=/,]|smtp:|submission:' '\
/query.*denied/{a[$2];b[$2]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",query_denied", b[i]}\
/max connection count/{a[$3];b[$3]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",max_connection_count", b[i]}\
/SSL_accept error from unknown/{a[$4];b[$4]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",SSL_accept_error", b[i]}' \
/var/log/syslog.1

But the output is not what I want.

13320           ,query_denied               1 
7596            ,query_denied               1 
28328           ,query_denied               1 
2677            ,query_denied               9 
31118           ,query_denied               1 
1113            ,query_denied               1 
15006           ,query_denied               1 
13318           ,query_denied               1 
357             ,query_denied               1 
13320           ,max_connection_count       1 
7596            ,max_connection_count       1 
28328           ,max_connection_count       1 
2677            ,max_connection_count       9 
31118           ,max_connection_count       1 
1113            ,max_connection_count       1 
15006           ,max_connection_count       1 
13318           ,max_connection_count       1 
357             ,max_connection_count       1 
13320           ,SSL_accept_error           1 
7596            ,SSL_accept_error           1 
28328           ,SSL_accept_error           1 
2677            ,SSL_accept_error           9 
31118           ,SSL_accept_error           1 
1113            ,SSL_accept_error           1 
15006           ,SSL_accept_error           1 
13318           ,SSL_accept_error           1 
357             ,SSL_accept_error           1 

I am a newbie and don't know about this; after searching for the problem, it still didn't help. Any hints? Thanks.

Best regards.

1 answer:

Answer 0: (score: 0)

Problem solved.

awk -F'[][()#=/,]|client |smtp:|submission:|unknown' \
'/query.*denied/{a[$4];b[$4]++;next}
/max connection count/{c[$6];d[$6]++;next}
(/SSL_accept error from unknown/ && /\/submission\//){e[$7];f[$7]++;next}
(/SSL_accept error from unknown/ && !/\/submission\//){g[$6];h[$6]++}
END {
for(i in a){if(b[i]>0){printf "%-15s %-27s %-2s\n",i, ",query_denied", b[i]}}
for(j in c){if(d[j]>0){printf "%-15s %-27s %-2s\n",j, ",max_connection_count", d[j]}}
for(k in e){if(f[k]>0){printf "%-15s %-27s %-2s\n",k, ",SSL_accept_error", f[k]}}
for(l in g){if(h[l]>0){printf "%-15s %-27s %-2s\n",l, ",SSL_accept_error", h[l]}}}' \
$InFile >$OutFile
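A different way to do the same merge, added here as an example and not the asker's or answerer's code: instead of one field separator that has to fit three unrelated message formats (which is why the asker's attempt counted PIDs like 2677 instead of IPs), each rule extracts the client IP with match() from the part of the line that names the client, and one array keyed by (ip, event) does the counting. The sample lines are constructed from the question's log, plus one non-submission smtpd line (IP 203.0.113.9, a documentation address) to exercise the case the answer handles separately.

```shell
#!/bin/sh
# Added example: one awk program for the three syslog patterns in the question.
# SAMPLE_LOG is constructed test input; in practice feed /var/log/syslog.1 instead.
SAMPLE_LOG=$(cat <<'EOF'
Oct  7 02:21:48 ipb named[2677]: client 38.229.33.47#59569: query (cache) 'a.gtld-servers.net/A/IN' denied
Oct  7 09:28:25 ipb named[2677]: client 124.232.142.220#38773: query (cache) 'www.google.com/A/IN' denied
Oct  7 12:31:08 ipb named[2677]: client 124.232.142.220#38332: query (cache) 'www.google.it/A/IN' denied
Oct  7 01:36:57 ipb postfix/anvil[15006]: statistics: max connection count 1 for (smtp:223.74.42.35) at Oct  7 01:33:36
Oct  7 03:14:45 ipb postfix/anvil[13320]: statistics: max connection count 1 for (submission:169.56.71.47) at Oct  7 03:11:24
Oct  7 03:11:25 ipb postfix/submission/smtpd[13318]: SSL_accept error from unknown[169.56.71.47]: lost connection
Oct  7 05:00:00 ipb postfix/smtpd[900]: SSL_accept error from unknown[203.0.113.9]: lost connection
EOF
)

# count_events: read syslog lines on stdin, print "ip ,event count" per (ip, event) pair,
# in the same printf layout the question uses.
count_events() {
  awk '
    # Each rule locates the client address by its own surrounding text, so the PID
    # in "named[2677]" or "anvil[15006]" can never be mistaken for the IP.
    /query.*denied/ && match($0, /client [0-9.]+#/) {
      ip = substr($0, RSTART + 7, RLENGTH - 8); event = "query_denied"
    }
    /max connection count/ && match($0, /\((smtp|submission):[0-9.]+\)/) {
      ip = substr($0, RSTART + 1, RLENGTH - 2); sub(/^[a-z]+:/, "", ip)
      event = "max_connection_count"
    }
    /SSL_accept error from unknown/ && match($0, /unknown\[[0-9.]+\]/) {
      ip = substr($0, RSTART + 8, RLENGTH - 9); event = "SSL_accept_error"
    }
    # Count only lines that matched a rule, then clear state for the next line.
    event != "" { n[ip SUBSEP event]++; ip = event = "" }
    END {
      for (k in n) {
        split(k, p, SUBSEP)
        printf "%-15s %-27s %-2s\n", p[1], "," p[2], n[k]
      }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | count_events
```

Because awk's `for (k in n)` order is unspecified, pipe the result through `sort` if the report needs a stable order.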