解析一个非常快的日志文件

时间:2017-02-10 19:02:37

标签: bash shell sh cut

我正在尝试执行此任务此任务的目的是在巨大的日志文件中找到机器人。

很多机器人登录我们的服务。他们都很快做同样的事情,他们登录,更改密码并在一秒钟内注销。我们想在日志中找到它们。

我也想在bash中编写命令,显示符合以下条件的所有配置文件:

从log.txt中提取特定数据

  

用户登录,用户更改密码,用户在同一秒内登录(所有3个操作必须在1秒内完成)       这些行动(登录,更改,注销)一个接一个地发生,而其间没有其他因素

fxsciaqulmlk - 是日志文件中的典型配置文件名称

日志文件的一小部分

[a lot of data]
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user logged in| -
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user changed password| -
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user logged off| -
Mon, 22 Aug 2016 13:15:42 +0200|178.57.66.225|faaaaaa11111| - |user logged in| -
Mon, 22 Aug 2016 13:15:49 +0200|178.57.66.215|terdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:49 +0200|178.57.66.215|terdsfsdfsdf| - |user changed password| -
Mon, 22 Aug 2016 13:15:49 +0200|178.57.66.215|terdsfsdfsdf| - |user logged off| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user changed password| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged off| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user logged in| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user changed password| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user changed profile| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user logged off| -
Mon, 22 Aug 2016 13:19:19 +0200|178.56.66.225|fxsciulmla| - |user logged in| -
Mon, 22 Aug 2016 13:19:19 +0200|178.56.66.225|fxsciulmla| - |user changed password| -
Mon, 22 Aug 2016 13:19:19 +0200|178.56.66.225|fxsciulmla| - |user logged off| -
Mon, 22 Aug 2016 13:20:42 +0200|178.57.67.225|faaaa0a1111| - |user logged in| -
[a lot of data]

所以我写了这段代码:

#!/bin/bash
log="/home/indra/Desktop/log.txt"
result="/home/indra/Desktop/bots.result"
> $result
while read line; do
 date=`echo "$line" | cut -d' ' -f1-5`
 ip=`echo "$line" | cut -d'|' -f2`
 user=`echo "$line" | cut -d'|' -f3`
 event=`echo "$line" | cut -d'|' -f5`
 echo "date:$date user:$user from ip:$ip $event" >> "$results"
done < "$log"

但是当我尝试运行此代码时,我得到了这个按摩:

  

indra @indra-PC:〜$ bash&#39; /home/indra/Desktop/shtry/try3.sh'
  /home/indra/Desktop/shtry/try3.sh:line 22 ::没有这样的文件或   目录

如何解决这个问题?我是bash的初学者

0 个答案:

没有答案
相关问题
最新问题