Removing a middle line using sed

I have the following log format.

2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[60944]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:13-05:00 ServerABC sshd[1367]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:14-05:00 ServerABC sshd[36061]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:17+00:00 ServerABC sshd[31616]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2

I used the following command to parse it. However, I can't seem to remove "[ID:800047 dns.info]".

Is there an easy way to remove the middle line using sed?

grep -E '(Accepted|for JohnBlezard)' testing.txt | grep "JohnBlezard from" | awk '{print $2, $5, $7, $9, $11}'

The expected result is:

[ServerABC] [password] [JohnBlezard] [IP Address] 

However, I found that some lines produce the following result after parsing:

[ServerABC] [ID 800047] [Accepted] [for] [from]

Answer 1

A single awk command:

awk '/Accepted .+ for JohnBlezard/{ 
         if ($4 == "[ID") { $5 = $8; $7 = $10; $9 = $12; $11 = $14 }
         print $2, $5, $7, $9, $11
     }' test.txt

Output:

ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111

Answer 2

You can remove this line using the following command: grep -v

From man grep:

       -v, --invert-match
          Invert the sense of matching, to select non-matching lines.  (-v is specified by POSIX.)

So

$ cat test
2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[60944]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:13-05:00 ServerABC sshd[1367]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:14-05:00 ServerABC sshd[36061]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:17+00:00 ServerABC sshd[31616]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2

Expected result

$ grep -E '(Accepted|for JohnBlezard)' test | grep -v "\[ID" | grep "JohnBlezard from" | awk '{print $2, $5, $7, $9, $11}'
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111

Answer 3

You can try this sed

sed -E '
 h
  s/(.*: (\[[^\]*\] )*)//
  s/(( *[^ ]*){6})(.*)/\1/
  s/( *[^ ]* )([^ ]*)/[\2] /g
 x
  s/([^ ]* )([^ ]*).*/ [\2]/
 G
  y/\n/ /
' infile
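
Added example, not part of the question or any of the answers above: a sed step deletes the optional "[ID ... dns.info]" tag only where it directly follows "sshd[pid]: ", so the question's original awk field numbers work on every line and no login record is dropped. The function names and the sample lines (including the "Failed" and "OtherUser" lines) are constructed for illustration.

```sh
#!/bin/sh
# Added example: normalise sshd "Accepted" lines so the optional
# "[ID <msgid> <facility.level>]" tag does not shift the awk fields.

# Constructed sample input (same shape as the lines in the question).
sample_log() {
cat <<'EOF'
2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:09-05:00 ServerABC sshd[1790]: [ID 800047 dns.info] Failed password for JohnBlezard from 192.168.1.1 port 81112 ssh2
2017-12-22T23:32:17+00:00 ServerABC sshd[31616]: Accepted password for OtherUser from 192.168.1.1 port 81111 ssh2
EOF
}

# parse_accepted USER: read log lines on stdin and print
# "host method user ip port" for each accepted login of USER.
parse_accepted() {
    user=$1
    # 1) sed: delete the tag only when it directly follows "sshd[pid]: ",
    #    keeping the timestamp, host and process prefix (\1).
    # 2) awk: after normalisation every line has the same field layout,
    #    so compare whole fields instead of grepping for substrings.
    sed -E 's/^([^ ]+ [^ ]+ sshd\[[0-9]+\]: )\[ID [0-9]+ [^] ]+\] /\1/' |
    awk -v u="$user" '
        $4 == "Accepted" && $6 == "for" && $7 == u && $8 == "from" {
            print $2, $5, $7, $9, $11
        }'
}

sample_log | parse_accepted JohnBlezard
```

Comparing whole fields in awk means a "Failed password" line or a different account name never appears in the output, which a substring grep for "Accepted" or "for JohnBlezard" does not guarantee.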
