I have a log in the following format:
2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[60944]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:13-05:00 ServerABC sshd[1367]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:14-05:00 ServerABC sshd[36061]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:17+00:00 ServerABC sshd[31616]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
I used the following command to parse it. However, I don't seem to be able to remove "[ID 800047 dns.info]".
Is there an easy way to remove that middle part using sed?
grep -E '(Accepted|for JohnBlezard)' testing.txt | grep "JohnBlezard from" | awk '{print $2, $5, $7, $9, $11}'
The expected result is:
[ServerABC] [password] [JohnBlezard] [IP Address]
However, I found that for some lines the parsed result comes out like this:
[ServerABC] [ID 800047] [Accepted] [for] [from]
Answer 1
A single awk command:
awk '/Accepted .+ for JohnBlezard/{
  # a "[ID ... ]" tag adds three fields, so read each value three columns further right
  if ($4 == "[ID") { $5 = $8; $7 = $10; $9 = $12; $11 = $14 }
  print $2, $5, $7, $9, $11
}' test.txt
Output:
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
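As an added example (not from the question or from any answer here), a shell function that takes Answer 1's idea one step further: instead of renumbering fields when the tag is present, it locates the fields relative to the word Accepted, so any prefix between sshd[pid]: and the message is tolerated. It assumes the hostname is always the second whitespace-separated field, as in the question's lines; the sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample input in the question's format (not a real host's log).
# The third line is a non-"Accepted" event and must be ignored by the parser.
SAMPLE_LOG='2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:20-05:00 ServerABC sshd[1790]: Failed password for invalid user admin from 10.0.0.5 port 2222 ssh2'

# Print "[host] [method] [user] [ip]" for each sshd "Accepted" line on stdin.
# Assumption: the hostname is the second whitespace-separated field.
parse_accepted() {
  awk '
    # Match the whole message shape anchored on "sshd[pid]: ", allowing one
    # optional "[...] " tag before it. Matching the structure, rather than a
    # bare "Accepted" substring, keeps a stray occurrence of the word
    # elsewhere in a line from selecting it.
    /sshd\[[0-9]+\]: (\[[^]]*\] )?Accepted [a-z-]+ for [^ ]+ from [^ ]+ port [0-9]+/ {
      n = split($0, f, " ")
      # Locate "Accepted" and read method/user/ip relative to it, so an
      # extra prefix never shifts the columns.
      for (i = 1; i <= n; i++) if (f[i] == "Accepted") break
      printf "[%s] [%s] [%s] [%s]\n", $2, f[i + 1], f[i + 3], f[i + 5]
    }'
}

printf '%s\n' "$SAMPLE_LOG" | parse_accepted
```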
Answer 2
You can drop those lines using grep -v.
From man grep:
-v, --invert-match
Invert the sense of matching, to select non-matching lines. (-v is specified by POSIX.)
So:
$ cat test
2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[60944]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:13-05:00 ServerABC sshd[1367]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:14-05:00 ServerABC sshd[36061]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:17+00:00 ServerABC sshd[31616]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
Expected result:
$ grep -E '(Accepted|for JohnBlezard)' test | grep -v "\[ID" | grep "JohnBlezard from" | awk '{print $2, $5, $7, $9, $11}'
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
Answer 3
You can try this sed:
sed -E '
# save the whole line, then reduce the pattern space to the message text:
# strip everything through ": " plus any "[...] " tag that follows
# ([^]]* stops at the first "]"; the original [^\]* excluded backslashes instead)
h
s/(.*: (\[[^]]*\] )*)//
# keep the first six words (Accepted password for USER from IP)
s/(( *[^ ]*){6})(.*)/\1/
# turn each "keyword value" pair into "[value] "
s/( *[^ ]* )([^ ]*)/[\2] /g
# fetch the saved line and keep only the hostname (second word) as " [host]"
x
s/([^ ]* )([^ ]*).*/ [\2]/
# append the bracketed fields and join the two lines with a space
G
y/\n/ /
' infile