Linux AWK: conditionally picking FQDN hostnames from a file
Experts, I am here again after reading "How to provide", and I am asking this question again.
I want to filter the fully qualified hostnames (for example: dtc4028.ptc.db01.delta.com) and count the number of repetitions for each individual host.
Below is my raw data:
Feb 24 07:20:56 dbv0102 postfix/smtpd[29531]: NOQUEUE: reject: RCPT from dtc4023.ptc.db01.delta.com[172.10.10.161]: 554 5.7.1 <beta_st@dtc.com>: Sender address rejected: Access denied; from=<beta_st@dtc.com> to=<stordb@dtc.com> proto=ESMTP helo=<dtc4023.ptc.db01.delta.com>
Feb 24 07:21:20 dbv0102 postfix/smtpd[29528]: NOQUEUE: reject: RCPT from dtc4023.ptc.db01.delta.com[172.10.10.161]: 554 5.7.1 <beta_st@dtc.com>: Sender address rejected: Access denied; from=<beta_st@dtc.com> to=<stordb@dtc.com> proto=ESMTP helo=<dtc4023.ptc.db01.delta.com>
Feb 21 05:05:06 dbv0102 postfix/smtpd[32001]: disconnect from dtc4028.ptc.db01.delta.com[172.12.78.81]
Feb 21 05:05:23 dbv0102 postfix/smtpd[32010]: connect from dtc4028.ptc.db01.delta.com[172.12.78.81]
Feb 21 05:06:15 dbv0102 postfix/smtpd[31994]: connect from dtc3024.ptc.db01.delta.com[172.10.10.166]
Feb 21 05:06:15 dbv0102 postfix/smtpd[31994]: disconnect from dtc3024.ptc.db01.delta.com[172.10.10.166]
Feb 21 13:05:08 dbv0102 postfix/smtpd[29043]: lost connection after CONNECT from dtc4028.ptc.db01.delta.com[172.12.78.81]
Feb 21 13:05:08 dbv0102 postfix/smtpd[29048]: lost connection after CONNECT from dtc4028.ptc.db01.delta.com[172.12.78.82]
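Secondly, since these lines have no hostname, I am removing RCPT|after, and then also removing the [], so that only the hostname is included and its repetitions are counted.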
$ awk '/from dtc/{print $1, $2, $4, $8}' maillog.log| egrep -v "RCPT|after" | awk '{print $4}'| cut -d"[" -f1 | uniq -c
2 dtc4028.ptc.db01.delta.com
2 dtc3024.ptc.db01.delta.com
My desire:
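I would like it if this could be written more smartly with awk itself, rather than in a dirty way.
Note: after the 6th column, can we get just the FQDN hostname, such as dtc4028.ptc.db01.delta.com?

Based on your shown samples, please try the following. Written and tested with GNU awk.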
awk '
match($0,/from .*com\[/){
  count[substr($0,RSTART+5,RLENGTH-6)]++
}
END{
  for(key in count){
    print count[key],key
  }
}
' Input_file
Explanation: adding a detailed explanation of the above.
awk '                                       ##Starting awk program from here.
match($0,/from .*com\[/){                   ##Using match function to match the regex from .*com\[ in the current line.
  count[substr($0,RSTART+5,RLENGTH-6)]++    ##When the regex matches, match sets RSTART (start of the matched text) and RLENGTH (its length); RSTART+5 skips "from " and RLENGTH-6 drops "from " and the trailing "[", so the hostname becomes the key of the count array.
}
END{                                        ##Starting END block of this program from here.
  for(key in count){                        ##Traversing through count array here.
    print count[key],key                    ##Printing the count followed by its hostname here.
  }
}
' Input_file                                ##Mentioning Input_file name here.
Thank you very much Ravinder, could you explain ($0,RSTART+5,RLENGTH-6)?
@user294110, sure, the detailed explanation is in progress; I will let you know once it is done.
@user294110, I have added a detailed explanation for the solution; if you have any doubts, please let me know. Thank you.
@RavinderSingh Thanks again.
@user294110, you are welcome. If you find it helpful, you can also click the tick mark option next to my answer to accept it. Cheers.
Thanks @Ed Morton, after going through the "minimal reproducible example", as I learned in another thread, I tried to make it as simple as possible so that it is easy to reproduce, and thank you for your answer.
You're welcome. Please see what to do next.
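
The answer's regex depends on every hostname ending in ".com". As an added example (not code from the question or the answer), the variant below anchors on Postfix's `host[ip]` client format instead, so it works for any TLD, for IPv6 clients, and for clients Postfix logs as `unknown[ip]`. The names `count_clients` and `sample_log` are hypothetical, and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example: count Postfix client hosts without hardcoding ".com".
# count_clients and sample_log are hypothetical helper names.

count_clients() {
    # stdin: maillog lines; stdout: "<count> <client>", highest count first.
    awk '
    # Postfix writes the client as host[ip]; match " from host[ip]".
    match($0, / from [^ ]+\[[0-9a-fA-F:.]+\]/) {
        client = substr($0, RSTART + 6, RLENGTH - 6)  # drop leading " from "
        host = client
        sub(/\[.*/, "", host)                         # drop "[ip]"
        # Clients logged as "unknown" would all collapse into one key,
        # so keep the address for them to stay distinguishable.
        key = (host == "unknown") ? client : host
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log() {
    # First four lines follow the question's data; the last two are constructed.
    cat <<'EOF'
Feb 24 07:20:56 dbv0102 postfix/smtpd[29531]: NOQUEUE: reject: RCPT from dtc4023.ptc.db01.delta.com[172.10.10.161]: 554 5.7.1 <beta_st@dtc.com>: Sender address rejected: Access denied; from=<beta_st@dtc.com> to=<stordb@dtc.com> proto=ESMTP helo=<dtc4023.ptc.db01.delta.com>
Feb 21 05:05:06 dbv0102 postfix/smtpd[32001]: disconnect from dtc4028.ptc.db01.delta.com[172.12.78.81]
Feb 21 05:05:23 dbv0102 postfix/smtpd[32010]: connect from dtc4028.ptc.db01.delta.com[172.12.78.81]
Feb 21 13:05:08 dbv0102 postfix/smtpd[29048]: lost connection after CONNECT from dtc4028.ptc.db01.delta.com[172.12.78.82]
Feb 21 13:06:00 dbv0102 postfix/smtpd[29050]: connect from unknown[192.0.2.7]
Feb 21 13:06:05 dbv0102 postfix/smtpd[29051]: connect from mx1.example.org[2001:db8::25]
EOF
}

sample_log | count_clients
```

Unlike the `egrep -v "RCPT|after"` pipeline in the question, this also counts the reject and lost-connection lines, since the hostname is located by pattern rather than by column number.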