Need help with a Unix command:
I want to list/grep from a log file all the lines for "abdc7dac-abdf-4088-ba87-ca5ee765f3eb" that have etime greater than 5:
Log excerpt:
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243079 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242947 op=2 msgID=3 result=0 nentries=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242945 op=2 msgID=3 result=0 nentries=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243083 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2
Desired output:
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
Answer 0 (score: 0)
grep abdc7dac-abdf-4088-ba87-ca5ee765f3eb logfile |awk -F "etime=" '$2>5{print}' > modifiedlog.txt
Sample output:
auxilus@ubuntu:~$ cat logfile
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243079 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242947 op=2 msgID=3 result=0 nentries=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=74242945 op=2 msgID=3 result=0 nentries=0 etime=0
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=74243083 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=1
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242989 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2
auxilus@ubuntu:~$ grep abdc7dac-abdf-4088-ba87-ca5ee765f3eb logfile |awk -F "etime=" '$2>5{print}'
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
auxilus@ubuntu:~$
A better version:
awk -F "etime=" '/abdc7dac-abdf-4088-ba87-ca5ee765f3eb/ {if ($2>5) {print}}' logfile
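Answer 1 (score: 0)
You don't want lines that end with etime= followed by a number between 0 and 5.
Of the remaining lines, you only want to see the ones containing abdc7dac-abdf-4088-ba87-ca5ee765f3eb. Combined: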
sed -n '/etime=[0-5]$/d;/abdc7dac-abdf-4088-ba87-ca5ee765f3eb/p' logfile
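Answer 2 (score: -1)
A simple grep solution using basic regular expressions, which handles lines with an etime= value of 6-9 or any multi-digit value (e.g. etime=[6-9] or etime=[0-9][0-9][0-9]*), would be:
$ grep 'abdc7dac-abdf-4088-ba87-ca5ee765f3eb.*etime=\([6-9]\|[0-9][0-9][0-9]*\).*$' file
Using file as input gives the result below; if your file also contained etime values of two (or more) digits, those would be captured as well: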
$ grep 'abdc7dac-abdf-4088-ba87-ca5ee765f3eb.*etime=\([6-9]\|[0-9][0-9][0-9]*\).*$' file
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242995 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=74242987 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=7
You can adjust the digit ranges to make the match fit your needs.
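An added example, not taken from any of the answers above: a reusable filter that matches the GUID as a literal string and compares etime numerically, so it also handles multi-digit values and an etime field that is not the last token on the line. The function names slow_ops and sample_log and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answers). Usage: slow_ops ID THRESHOLD [FILE...]
# Prints lines that contain ID as a literal string and whose etime value is
# numerically greater than THRESHOLD. Reads stdin when no FILE is given.
slow_ops() {
    id=$1; min=$2; shift 2
    awk -v id="$id" -v min="$min" '
        index($0, id) == 0 { next }    # literal substring test, no regex
        {
            for (i = 1; i <= NF; i++) {
                # Accept only a whole token of the form etime=<number>,
                # wherever it sits on the line.
                if ($i ~ /^etime=[0-9]+(\.[0-9]+)?$/) {
                    if (substr($i, 7) + 0 > min + 0) print
                    next
                }
            }
        }
    ' "$@"
}

# Constructed sample lines in the log format shown on this page.
sample_log() {
    cat <<'EOF'
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=1 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=6
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=2 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=12
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=3 op=1 msgID=2 result=0 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com" etime=2
access:[29/Dec/2018:14:59:38 +0000] BIND RES conn=4 op=1 msgID=2 result=0 authDN="ldapguid=11111111-2222-3333-4444-555555555555,dc=abc,dc=com" etime=9
access:[29/Dec/2018:14:59:38 +0000] SEARCH RES conn=5 op=2 msgID=3 result=0 etime=10 authDN="ldapguid=abdc7dac-abdf-4088-ba87-ca5ee765f3eb,dc=abc,dc=com"
access:[29/Dec/2018:14:59:38 +0000] EXTENDED RES conn=6 op=0 msgID=1 name="StartTLS" oid="1.3.6.1.4.1.1466.20037" result=0 etime=0
EOF
}

# Prints the conn=1, conn=2 and conn=5 lines.
sample_log | slow_ops abdc7dac-abdf-4088-ba87-ca5ee765f3eb 5
```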