3つの熱を分けたいです。最初の列には、単一の数字4、5、または6が含まれています。 2番目の列にはIDが含まれ、3番目の列には説明が含まれています。
入力例:
%ASA-4-105505: (Primary|Secondary) Failed to connect to peer unit peer-ip:port
%ASA-4-105524: (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
%ASA-4-105553: (Primary|Secondary) Detected another Active HA unit
%ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
%ASA-4-106027: Deny src [source address] dst [destination address] by access-group “access-list name”.
%ASA-4-106103: access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
%ASA-4-108004: action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max)
%ASA-4-109022: exceeded HTTPS proxy process limit
%ASA-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
%ASA-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
予想出力:
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
2番目と3番目の列を抽出できますが、cat rawSyslog.txt | awk -F '[-:]' '{print $2 "\t" $3}'最後の列には出力フィールドを混乱させる特殊文字がたくさんあります。最後の列を抽出する方法は?
答え1
GNU awkを使用して、次の操作を行いますgensub()。
$ awk -F'[:-]' -v OFS='\t' '{print $2, $3, gensub(/[^ ]* /,"",1)}' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
または awk を使用してください。
$ awk -F'[:-]' -v OFS='\t' '{x=$0; sub(/[^ ]* /,"",x); print $2, $3, x}' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
答え2
パール方法:
$ perl -lne 'print join "\t",$1,$2,$3 if /-(\d)-(\d+):\s+(.*)/' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
答え3
使用幸せ(以前のPerl_6)
raku -ne 'put ($0,$1,$2).join("\t") if / \- (<[456]>) \- (\d+) \: \s+ (.*) /;'
または
raku -ne '.split(/<[:-]>/, 4).skip.join("\t").put;'
最初の答えは通常@terdonのPerl5コードに従いますが、2番目の答えは通常@glenn_jackmanのPerl5コードに従います。
Rakuのメモ:
らくキャプチャは
$0、Rakuは正規表現で文字をエスケープするときに推測しません。それ以外の場合は
<alnum>エスケープする必要があります。列挙された文字クラスは Raku で次のように生成されます
<[。]>先行
.(as)は、関数呼び出しがターゲット変数に適用されることを示す.split略語です。$_.$_
入力例:
%ASA-4-105505: (Primary|Secondary) Failed to connect to peer unit peer-ip:port
%ASA-4-105524: (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
%ASA-4-105553: (Primary|Secondary) Detected another Active HA unit
%ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
%ASA-4-106027: Deny src [source address] dst [destination address] by access-group “access-list name”.
%ASA-4-106103: access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
%ASA-4-108004: action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max)
%ASA-4-109022: exceeded HTTPS proxy process limit
%ASA-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
%ASA-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
出力例:
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
答え4
あなたはそれを使用することができますsed:
$ sed 's/^.\{5\}\([[:digit:]]\+\)-\([[:digit:]]\+\):[[:blank:]]*\(.*\)$/\1\t\2\t\3/' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.