用于解析的AWK命令
我必须解析通过运行命令得到的表:用于解析的AWK命令,awk,Awk,我必须解析通过运行命令得到的表: tshark -q -r dump.pcap -Y http -z http,tree 该表如下所示: ======================================================================================================================================= HTTP/Packet Counter: Topic / Item
tshark -q -r dump.pcap -Y http -z http,tree
=======================================================================================================================================
HTTP/Packet Counter:
Topic / Item Count Average Min val Max val Rate (ms) Percent Burst rate Burst start
---------------------------------------------------------------------------------------------------------------------------------------
Total HTTP Packets 70 0.0120 100% 0.0500 1.641
HTTP Request Packets 51 0.0087 72.86% 0.0400 1.494
SEARCH 22 0.0038 43.14% 0.0400 1.641
NOTIFY 22 0.0038 43.14% 0.0200 1.104
GET 5 0.0009 9.80% 0.0100 1.109
POST 2 0.0003 3.92% 0.0100 3.577
HTTP Response Packets 19 0.0032 27.14% 0.0300 4.908
2xx: Success 19 0.0032 100.00% 0.0300 4.908
200 OK 19 0.0032 100.00% 0.0300 4.908
???: broken 0 0.0000 0.00% - -
5xx: Server Error 0 0.0000 0.00% - -
4xx: Client Error 0 0.0000 0.00% - -
3xx: Redirection 0 0.0000 0.00% - -
1xx: Informational 0 0.0000 0.00% - -
Other HTTP Packets 0 0.0000 0.00% - -
---------------------------------------------------------------------------------------------------------------------------------------
tshark -q -r dump.pcap -Y http -z http,tree | awk '/SEARCH/ {print $2}'
我得到了期望的输出。我想知道是否有一种方法可以通过在单个命令中运行它来实现这一点。这是我能想到的最好的方法(使用gnu awk): 如果您没有gnu awk:
yourcommand | \
egrep 'HTTP R|NOTIFY|GET|POST|SEARCH' | \
cut -c 25-38 | \
awk '{ gsub("^ +",""); gsub(" +$",""); print }'
yourcommand | gawk '
BEGIN {
FIELDWIDTHS = "24 14"
}
/HTTP R|NOTIFY|GET|POST|SEARCH/ {
gsub("^ +","",$1)
gsub(" +$","",$1)
gsub(" +$","",$2)
print $1 "," $2
}'
这是我能想到的最好的(使用gnu awk): 如果您没有gnu awk:
yourcommand | \
egrep 'HTTP R|NOTIFY|GET|POST|SEARCH' | \
cut -c 25-38 | \
awk '{ gsub("^ +",""); gsub(" +$",""); print }'
yourcommand | gawk '
BEGIN {
FIELDWIDTHS = "24 14"
}
/HTTP R|NOTIFY|GET|POST|SEARCH/ {
gsub("^ +","",$1)
gsub(" +$","",$1)
gsub(" +$","",$2)
print $1 "," $2
}'
如果您知道字段宽度,则可以使用
substr()tshark -q -r dump.pcap -Y http -z http,tree | awk '/HTTP Request Packets|SEARCH|NOTIFY|HTTP Response Packets/{
print substr($0,1,24), substr($0,25,24)
}'
$ your_command | awk '/HTTP Request Packets|SEARCH|NOTIFY|HTTP Response Packets/{print substr($0,1,24), substr($0,25,24)}'
HTTP Request Packets 51
SEARCH 22
NOTIFY 22
HTTP Response Packets 19
如果您知道字段宽度,则可以使用
substr()tshark -q -r dump.pcap -Y http -z http,tree | awk '/HTTP Request Packets|SEARCH|NOTIFY|HTTP Response Packets/{
print substr($0,1,24), substr($0,25,24)
}'
$ your_command | awk '/HTTP Request Packets|SEARCH|NOTIFY|HTTP Response Packets/{print substr($0,1,24), substr($0,25,24)}'
HTTP Request Packets 51
SEARCH 22
NOTIFY 22
HTTP Response Packets 19
请将该示例输入的所需输出添加到问题中。搜索输出为22。我要22英镑。对于Http请求数据包,我需要51 etcSimply post示例输入\ U文件,在您的post中的代码标记中包含预期的输出文件。我已经发布了问题中的表。我还提到,我希望表中的“count”列包含“Http请求数据包、搜索、通知、Http响应数据包”的行。@mg9893,请以文本而非图像形式发布其输出,这样我们也可以测试命令的输出。请将该示例输入的所需输出添加到问题中。搜索的输出为22。我要22英镑。对于Http请求数据包,我需要51 etcSimply post示例输入\ U文件,在您的post中的代码标记中包含预期的输出文件。我已经发布了问题中的表。我还提到,我希望表中的“count”列包含“Http请求包、搜索、通知、Http响应包”的行。@mg9893,请以文本而不是图像的形式发布它的输出,以便我们也可以测试命令的输出。如果我们乱序,有什么方法可以做吗?我的意思是,如果我们输入/HTTP请求包| HTTP响应包|搜索|通知/,我希望输出是51 19 22 22而不是51 22 19。因为在我的例子中,对于所有的PCAP,我在表中的顺序都不一样,所以使用这个命令会给我错误的值,比如:
your|u command | awk'/regex1/{var1=substr($0,1,24)of s substr($0,25,24)}/regex2/{var2=substr($0,1,24)of s substr($0,25,24)}/regex|“your|u command | awk'/regex1/{var1=substr($0,1,24)of s substr($0,25,24)}/regex2/{var2=substr($0,1,24)of s substr($0,25,24)}/regex|“