Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/linux/28.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Linux 使用sed和awk解析last以创建csv文件_Linux_Csv_Security_Awk - Fatal编程技术网
Fatal编程技术网
  • linux/
  • Linux 使用sed和awk解析last以创建csv文件

Linux 使用sed和awk解析last以创建csv文件

linux csv security awk

Linux 使用sed和awk解析last以创建csv文件,linux,csv,security,awk,Linux,Csv,Security,Awk,因此,我试图创建一个awk脚本来遍历最后一个命令的输出,以便将其转换为csv文件。我遇到的问题是,线路匹配了好几次,我不知道如何防止这种情况发生;我决不是一个awk专家(这也是我做这个练习的部分原因) sed插入的原因是缺少“列” 执行最后一个命令并调用awk脚本的命令: last -w -F | sed -r 's/[[:space:]{23,}/ unknown /;s/(crash|down)/\1 unknown /' | awk -f awktest.awk (作为旁注,这里的sub

因此,我试图创建一个awk脚本来遍历最后一个命令的输出,以便将其转换为csv文件。我遇到的问题是,线路匹配了好几次,我不知道如何防止这种情况发生;我决不是一个awk专家(这也是我做这个练习的部分原因)

sed插入的原因是缺少“列”

执行最后一个命令并调用awk脚本的命令:

last -w -F | sed -r 's/[[:space:]{23,}/ unknown /;s/(crash|down)/\1 unknown /' | awk -f awktest.awk
(作为旁注,这里的sub是在我决定用sed测试插入列之前出现的)

awktest.awk

BEGIN { print "user,tty/pts,connection_from,login_time,state,logoff_time,total_time"}
{if ($1 ~/reboot/) {print $1","$2","$3","$4","($5" "$6" "$7" "$8" "$9)","$10","($11" "$12" "$13" "$14" "$15","$16)}}
{if ($1 ~/root/ && $2 ~/tty/) { sub($3,"null") ;  print $1","$2","$3","($4" "$5" "$6" "$7" "$8)","$9","($10","$11","$12" "$13" "$14)}}

#{if ( NF > 14) { print $1","$2","$3","($4" "$5" "$6" "$7" "$8 )","$9","($10" "$11" "$12" "$13" "$14)","$15 }}
{if ($3 == "unknown" && $11 !="unknown") { print $1","$2","$3","($4" "$5" "$6" "$7" "$8 )","$9","($10" "$11" "$12" "$13" "$14)","$15 }}
#{if ($3 == "unknown") { print $1","$2","$3","( $4" "$5" "$6" "$7" "$8 )","$9","($10","$11",")$12}}
{if ($11 == "unknown") { print $1","$2","$3","( $4" "$5" "$6" "$7" "$8 )","$9","($10","$11",")$12}}
如您所见,我尝试了多种方法,要么重复,要么缺少行。副本很清楚:

root,tty2,null,Sun Jul 19 13:25:38 2020,-,down,unknown,(00:01)
root,tty2,null,Sun Jul 19 13:25:38 2020,-,down,unknown,(00:01)
是的,我知道,不漂亮;但我在试验;我被困住了,一直在读sed和awk的书,疯狂地用谷歌搜索,毫无进展;在这一点上,我认为我看得太久了,没有取得任何进展

我做错了什么

#为清晰起见进行编辑

(删除了一些空白以使其更干净) 最后一个命令的示例:

root  tty3         Mon Jun  8 09:49:56 2020 - down           (00:00)
foo :0    0        Mon Jun  8 09:49:16 2020 - down                      (00:01)
reboot   system boot  5.6.16-300.fc32.x86_64 Mon Jun  8 09:48:28 2020 - Mon Jun  8 09:50:54 2020  (00:02)
roncioiu :0          Thu Jun 18 10:19:29 2020 - Thu Jun 18 10:20:19 2020  (00:00)
#所需状态列:

  • 时间戳在()中作为一列计算
所以我最终选择了一行,由于@tink的温和刺激,我放弃了剧本。只需要一点点数据

谢谢你的提示!我用另一种方式做这件事,我失去了理智

last -a -w --time-format iso | sed -r 's/\sboot\s//g;/^$/d;/wtmp/d;/(crash|down)/s/$/ unknown /' | awk 'BEGIN { print "user,pts/tty,login_time,state,logoff_time,total_time,host "} { print $1","$2","$3","$4","$5","$6","$7}'
这不是一个答案,但我认为如果您直接解析
wtmp
文件中的记录,这会容易得多。你可以在C语言中完成这项工作,或者你可以使用Python模块等。我不了解其他人,但特别是像
sed
awk
这样的文本处理工具,我一直是
示例输入
所需输出
的忠实粉丝。就目前而言,您的awk代码片段只是让我头痛;)。。。在上面匹配的每一行输入一行(当然,匿名用户名/IP/主机名)会有很大的帮助。是的,你是对的。我觉得很清楚,;希望这能让它变得更好:)它确实。。。现在,请允许我(尽管你付出了那么多努力)再提一个建议好吗<如果您使用这个神奇的咒语,代码>最后一个输出将变得更加友好<代码>最后一个-a-w--时间格式iso。。。看一看,告诉我你的想法;)你能听到我在命令行中微笑吗?我喜欢它;我将在这里玩一会儿;仍然需要添加一列并删除一些单词,但这是一种更易于管理的方式。让我们看看;谢谢:DGood stuff=}。。。为你感到骄傲!;) 
last -a -w --time-format iso | sed -r 's/\sboot\s//g;/^$/d;/wtmp/d;/(crash|down)/s/$/ unknown /' | awk 'BEGIN { print "user,pts/tty,login_time,state,logoff_time,total_time,host "} { print $1","$2","$3","$4","$5","$6","$7}'