用于循环的shell脚本是破线?

时间:2018-03-15 10:51:48

标签: linux bash shell unix scripting

我试图在另一个变量(如ip和端口号)中使用cut命令保存$ i变量的一些数据,这样我就可以将ip和port存储到数据库中,但这个输出创建了由于下一行保存数据的问题请帮助.. 

foo=( $(grep logs  data.txt) ) 

    for i in "${foo[@]}"
    do

    echo "$i" | sed 's/Failed//g' | sed "s/logs//g" | sed "s/for//g" | sed "s/delmum//g" | sed "s/from//g"  | sed "s/port//g"  | sed "s/invalid//g" | sed "s/user//g"| sed "s/castis//g" | sed "s/guest//g" | sed '/^$/d'

    done

    Output :-Mar
    4
    03:08:15
    sshd[96487]:
    225.33.58.96
    62445

    Mar
    4
    03:08:15
    sshd[65741]:
    225.33.58.96
    62445

    Mar
    4
    03:08:15
    sshd[34595]:
    202.83.52.11
    43321

    Mar
    4
    03:08:16
    sshd[25485]:
    356.214.857.246
    12445

    Mar
    4
    03:08:16
    sshd[25245]:
    324.684.723.857
    24875


    output expected :- 
    Mar 4 03:08:15 sshd[96487]: 225.33.58.96 62445
    Mar 4 03:08:15 sshd[34595]: 202.83.52.11 43321
    Mar 4 03:08:16 sshd[25245]: 324.684.723.857 24875

data.txt
Mar  4 03:08:15 delmum sshd[96487]: Failed logs for root from 225.33.58.96 port 62445 ssh2
Mar  4 03:08:06 perfmum sshd[33799]: Connection closed by
Mar  4 03:08:15 delmum sshd[65741]: Failed logs for root from 225.33.58.96 port 62445 ssh2
Mar  4 03:08:15 delmum sshd[34595]: Failed logs for root from 202.83.52.11 port 43321 ssh2
Mar  4 03:08:06 delmum sshd[12485]: Connection closed by
Mar  4 03:08:06 delmum sshd[85468]: Connection closed by
Mar  4 03:08:06 delmum sshd[51396]: Connection closed by
Mar  4 03:08:16 delmum sshd[25485]: Failed logs for invalid user castis from 356.214.857.246 port 12445 ssh2
Mar  4 03:08:16 delmum sshd[25245]: Failed logs for invalid user castis from 324.684.723.857 port 24875 ssh2
Mar  4 03:08:06 delmum sshd[23541]: Connection closed by

data.txt内容在行但是为什么循环打破了它自己的行

4 个答案:

答案 0 :(得分:1)

使用单个 awk 命令:

awk '/logs/{ 
         if (/from/ && /port/) { sub(/: .* from/,""); tail=":" OFS $6 OFS $8 }
         print $1,$2,$3,$4,$5 tail; tail=""; 
     }' data.txt

示例输出:

Mar 4 03:08:15 delmum sshd[96487]: 225.33.58.96 62445
Mar 4 03:08:15 delmum sshd[65741]: 225.33.58.96 62445
Mar 4 03:08:15 delmum sshd[34595]: 202.83.52.11 43321
Mar 4 03:08:16 delmum sshd[25485]: 356.214.857.246 12445
Mar 4 03:08:16 delmum sshd[25245]: 324.684.723.857 24875

答案 1 :(得分:0)

您可以逐行处理整个日志,而无需将每行读入变量:

grep logs  data.txt \
| sed 's/Failed\|logs\|for\|delmum\|from\|port\|invalid\|user\|castis\|guest//g'

只运行一个sed代替很多,而且只使用一个表达式而不是多个表达式,速度也快得多。

答案 2 :(得分:0)

它对我有用: - 

 grep logs  data.txt > tmp.txt
 while read -r line
 do
    echo "$line" | sed 's/Failed//g;s/logs//g;s/for//g;s/delmum//g;s/from//g;s/port//g;s/invalid//g;s/user//g;s/castis//g;s/guest//g;/^$/d;s/ssh2//g;s/root//g;s/  */ /g' > ./sort.txt
 done < ./tmp.txt

 rm ./tmp.txt

答案 3 :(得分:0)

sed -E '
/logs/!d
h
s/.*from ([^ ]*) .*port ([^ ]*).*/\1 \2/
x
s/(.*:).*/\1/;s/([^ ]* )//5
G
y/\n/ /
' data.txt
相关问题
最新问题