Linux 使用sed和awk解析last以创建csv文件
因此,我试图创建一个awk脚本来遍历最后一个命令的输出,以便将其转换为csv文件。我遇到的问题是,线路匹配了好几次,我不知道如何防止这种情况发生;我决不是一个awk专家(这也是我做这个练习的部分原因) sed插入的原因是缺少“列” 执行最后一个命令并调用awk脚本的命令:Linux 使用sed和awk解析last以创建csv文件,linux,csv,security,awk,Linux,Csv,Security,Awk,因此,我试图创建一个awk脚本来遍历最后一个命令的输出,以便将其转换为csv文件。我遇到的问题是,线路匹配了好几次,我不知道如何防止这种情况发生;我决不是一个awk专家(这也是我做这个练习的部分原因) sed插入的原因是缺少“列” 执行最后一个命令并调用awk脚本的命令: last -w -F | sed -r 's/[[:space:]{23,}/ unknown /;s/(crash|down)/\1 unknown /' | awk -f awktest.awk (作为旁注,这里的sub
last -w -F | sed -r 's/[[:space:]{23,}/ unknown /;s/(crash|down)/\1 unknown /' | awk -f awktest.awk
(作为旁注,这里的sub是在我决定用sed测试插入列之前出现的)
awktest.awk
BEGIN { print "user,tty/pts,connection_from,login_time,state,logoff_time,total_time"}
{if ($1 ~/reboot/) {print $1","$2","$3","$4","($5" "$6" "$7" "$8" "$9)","$10","($11" "$12" "$13" "$14" "$15","$16)}}
{if ($1 ~/root/ && $2 ~/tty/) { sub($3,"null") ; print $1","$2","$3","($4" "$5" "$6" "$7" "$8)","$9","($10","$11","$12" "$13" "$14)}}
#{if ( NF > 14) { print $1","$2","$3","($4" "$5" "$6" "$7" "$8 )","$9","($10" "$11" "$12" "$13" "$14)","$15 }}
{if ($3 == "unknown" && $11 !="unknown") { print $1","$2","$3","($4" "$5" "$6" "$7" "$8 )","$9","($10" "$11" "$12" "$13" "$14)","$15 }}
#{if ($3 == "unknown") { print $1","$2","$3","( $4" "$5" "$6" "$7" "$8 )","$9","($10","$11",")$12}}
{if ($11 == "unknown") { print $1","$2","$3","( $4" "$5" "$6" "$7" "$8 )","$9","($10","$11",")$12}}
如您所见,我尝试了多种方法,要么重复,要么缺少行。副本很清楚:
root,tty2,null,Sun Jul 19 13:25:38 2020,-,down,unknown,(00:01)
root,tty2,null,Sun Jul 19 13:25:38 2020,-,down,unknown,(00:01)
是的,我知道,不漂亮;但我在试验;我被困住了,一直在读sed和awk的书,疯狂地用谷歌搜索,毫无进展;在这一点上,我认为我看得太久了,没有取得任何进展
我做错了什么
#为清晰起见进行编辑
(删除了一些空白以使其更干净)
最后一个命令的示例:
root tty3 Mon Jun 8 09:49:56 2020 - down (00:00)
foo :0 0 Mon Jun 8 09:49:16 2020 - down (00:01)
reboot system boot 5.6.16-300.fc32.x86_64 Mon Jun 8 09:48:28 2020 - Mon Jun 8 09:50:54 2020 (00:02)
roncioiu :0 Thu Jun 18 10:19:29 2020 - Thu Jun 18 10:20:19 2020 (00:00)
#所需状态列:
- 时间戳在()中作为一列计算
所以我最终选择了一行,由于@tink的温和刺激,我放弃了剧本。只需要一点点数据 谢谢你的提示!我用另一种方式做这件事,我失去了理智
last -a -w --time-format iso | sed -r 's/\sboot\s//g;/^$/d;/wtmp/d;/(crash|down)/s/$/ unknown /' | awk 'BEGIN { print "user,pts/tty,login_time,state,logoff_time,total_time,host "} { print $1","$2","$3","$4","$5","$6","$7}'
这不是一个答案,但我认为如果您直接解析
wtmp
文件中的记录,这会容易得多。你可以在C语言中完成这项工作,或者你可以使用Python模块等。我不了解其他人,但特别是像sed
和awk
这样的文本处理工具,我一直是示例输入
和所需输出
的忠实粉丝。就目前而言,您的awk代码片段只是让我头痛;)。。。在上面匹配的每一行输入一行(当然,匿名用户名/IP/主机名)会有很大的帮助。是的,你是对的。我觉得很清楚,;希望这能让它变得更好:)它确实。。。现在,请允许我(尽管你付出了那么多努力)再提一个建议好吗<如果您使用这个神奇的咒语,代码>最后一个输出将变得更加友好<代码>最后一个-a-w--时间格式iso。。。看一看,告诉我你的想法;)你能听到我在命令行中微笑吗?我喜欢它;我将在这里玩一会儿;仍然需要添加一列并删除一些单词,但这是一种更易于管理的方式。让我们看看;谢谢:DGood stuff=}。。。为你感到骄傲!;)
last -a -w --time-format iso | sed -r 's/\sboot\s//g;/^$/d;/wtmp/d;/(crash|down)/s/$/ unknown /' | awk 'BEGIN { print "user,pts/tty,login_time,state,logoff_time,total_time,host "} { print $1","$2","$3","$4","$5","$6","$7}'