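I am looking for a bash script that reads a log and replaces IP addresses with hostnames. Does anyone know how to do this?
Answer 0 (score: 4)
The following script should work. You can use it like this:
Save it to ip_to_hostname.sh and then:
    ./ip_to_hostname.sh your_logfile > resolved_ip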
    #!/bin/bash
    logFile=$1
    # disable globbing so a "*" in a log line is not expanded to file names
    set -f
    while IFS= read -r line
    do
        for word in $line
        do
            # if word is an IP address, change it to a hostname
            if [[ $word =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
            then
                # check that the IP address is valid
                OIFS=$IFS
                IFS="."
                ip=($word)
                IFS=$OIFS
                if [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
                then
                    echo -n $(host "$word" | cut -d' ' -f 5)
                    echo -n " "
                else
                    echo -n "$word"
                    echo -n " "
                fi
            # else print the word unchanged
            else
                echo -n "$word"
                echo -n " "
            fi
        done
        # new line
        echo
    done < "$logFile"
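Answer 1 (score: 1)
Talking about IPv4: you can generate a list of sed commands from the hosts file:
    # one "s#IP#name#" command per hosts entry, using the first name after the IP
    sed -rn 's/^(([0-9]{1,3}\.){3}([0-9]{1,3}))[ \t]+([^ \t]+)([ \t].*)?$/s#\1#\4#/p' /etc/hosts > hosts.sed
Then apply it to your log file:
    sed -f hosts.sed LOGFILE
Of course, your hostnames have to be listed in the hosts file.
Another, reverse approach would be to use logresolve.
From the man page: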
NAME
logresolve - Resolve IP-addresses to hostnames in Apache log files
SYNOPSIS
logresolve [ -s filename ] [ -c ] < access_log > access_log.new
SUMMARY
logresolve is a post-processing program to resolve IP-addresses in Apache's access logfiles. To minimize
impact on your nameserver, logresolve has its very own internal hash-table cache. This means that each
IP number will only be looked up the first time it is found in the log file.
Takes an Apache log file on standard input. The IP addresses must be the first thing on each line and
must be separated from the remainder of the line by a space.
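So you could extract all IPs with a regex, put them into a new file twice, once into the first column, and convert it with logresolve. Then use this table to generate a sed file as described above.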
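Answer 2 (score: 1)
A workaround could be done like this:
    ip=72.30.38.140
    hostname=$(nslookup "$ip" | grep name)
    hostname=${hostname#*name = }
    hostname=${hostname%.}
This way, the IP does not have to be in /etc/hosts.
The script itself depends on what your log looks like. Could you post an example?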
Answer 3 (score: 0)
Here is the modified version of wisent's script that I ended up using:
    #!/bin/bash
    logFile=$1
    # disable globbing so a "*" in a log line is not expanded to file names
    set -f
    while IFS= read -r line
    do
        for word in $line
        do
            # if word is ip:port, change the ip to a hostname
            if [[ $word =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\:[0-9]{1,5}$ ]]
            then
                port=$(echo "$word" | sed -e "s/.*://")
                word=$(echo "$word" | sed -e "s/:.*//")
                OIFS=$IFS
                IFS="."
                ip=($word)
                IFS=$OIFS
                # check if ip address is correct and not 192.168.*
                if [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 && ${ip[0]}${ip[1]} -ne 192168 ]]
                then
                    host=$(host "$word" | cut -d' ' -f 5)
                    if [[ $host =~ ^[0-9]{1,3}\(.*\)$ ]] # check for resolver errors
                    then
                        # if the resolver failed
                        echo -n "$word"
                        echo -n ":$port"
                        echo -n " "
                    else
                        # if the resolver worked
                        host=$(echo "$host'" | sed -e "s/\.'//" | sed ':a;N;$!ba;s/.*\n//g') # clean up cut's output
                        echo -n "$host"
                        echo -n ":$port"
                        echo -n " "
                    fi
                else
                    # if the ip address isn't correct
                    echo -n "$word"
                    echo -n ":$port"
                    echo -n " "
                fi
            # else print the word unchanged
            else
                echo -n "$word"
                echo -n " "
            fi
        done
        # new line
        echo
    done < "$logFile"
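An added example, not part of any of the answers: the token-by-token approach of answers 0 and 3 written as POSIX sh (so it also runs under bash), with each address looked up only once, as logresolve does, and with the returned name checked before it is written into the log, because a PTR record is set by whoever controls the reverse zone for that address. The function names are chosen for this sketch.

```sh
#!/bin/sh
# Added example, not code from the answers above. lookup_ptr, safe_name,
# is_ipv4 and resolve_log are names made up for this sketch.

# Reverse lookup with the same `host | cut` call the answers use (last line only).
lookup_ptr() { host "$1" 2>/dev/null | cut -d' ' -f 5 | tail -n 1; }

# Accept only letters, digits, dots and hyphens. Anything else, including
# resolver errors such as "3(NXDOMAIN)", counts as a failed lookup.
safe_name() { case $1 in '' | *[!A-Za-z0-9.-]*) return 1 ;; esac; }

# True for a dotted quad whose four octets are all in 0-255.
is_ipv4() {
    case $1 in *[!0-9.]* | *..* | .* | *.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Copy stdin to stdout, replacing each whitespace-separated IPv4 token by its
# hostname. Every address is resolved once; a failed lookup keeps the address.
resolve_log() {
    cache=' '                   # entries look like " ip=name ip=name "
    set -f                      # a "*" in a log line must not become file names
    while IFS= read -r line || [ -n "$line" ]; do
        out=
        for word in $line; do
            if is_ipv4 "$word"; then
                case $cache in
                    *" $word="*) name=${cache#*" $word="}; name=${name%% *} ;;
                    *)  name=$(lookup_ptr "$word"); name=${name%.}
                        safe_name "$name" || name=$word
                        cache="$cache$word=$name " ;;
                esac
                word=$name
            fi
            out="$out${out:+ }$word"
        done
        printf '%s\n' "$out"
    done
    set +f
}

# Usage: ./script your_logfile > resolved_ip
if [ $# -ge 1 ]; then resolve_log < "$1"; fi
```

As with the scripts above, runs of whitespace between tokens come out as single spaces.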
Answer 4 (score: 0)
I added this to my .bashrc a while ago...
    function resolve-hostname-from-ip()
    {
        # require an IP address argument
        if [ -z "$1" ]
        then
            echo -e "${red}Please provide an ip address...${no_color}"
            return 1
        fi
        echo "" | traceroute "$1" | grep " 1 " | cut -d ' ' -f4 | cut -d '.' -f1
    }
I have predefined terminal colors, so you can leave them out if you like. =D
[root@somehostname ~ 08:50 AM] $ resolve-hostname-from-ip 111.22.33.444
someotherhostname
I have tested this successfully on RHEL and SUSE. I haven't tested it on IPs outside my domain, so I'm not 100% sure it will work in all cases... hope this helps =)