I'm using awk in a bash shell to analyze syslog and I want to catch the IPs that match. How can I merge multiple awk commands into one?
#!/bin/bash
# named lines: the IP is the field after "client " and before "#"
awk -F'[#]|client ' '/query.*denied/{a[$2];b[$2]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",query_denied", b[i]}' /var/log/syslog.1 > output
# postfix/anvil lines: the IP is the field after "(smtp:" or "(submission:"
awk -F'[()]|smtp:|submission:' '/max connection count/{a[$3];b[$3]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",max_connection_count", b[i]}' /var/log/syslog.1 >> output
# smtpd lines: the IP is the 4th field when splitting on "[" and "]"
awk -F'[][]' '/SSL_accept error from unknown/{a[$4];b[$4]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",SSL_accept_error", b[i]}' /var/log/syslog.1 >> output
I don't like this, so is it possible to merge these three awk commands into a single awk, like this?
#!/bin/bash
awk -F'[#][()]|client|smtp:|submission:' '....' > output
/var/log/syslog.1
Oct 7 02:21:48 ipb named[2677]: client 38.229.33.47#59569: query (cache) 'a998207098p59569i39337.d2016100618000222958.t12135.dnsresearch.cymru.com/A/IN' denied
Oct 7 02:39:12 ipb named[2677]: client 183.56.172.145#20000: query (cache) '2054061883.www.baidu.com/A/IN' denied
Oct 7 04:31:44 ipb named[2677]: client 141.212.122.111#38457: query (cache) 'c.afekv.com/A/IN' denied
Oct 7 05:34:21 ipb named[2677]: client 95.215.60.214#43977: query (cache) 'm24.pl/ANY/IN' denied
Oct 7 06:39:09 ipb named[2677]: client 185.94.111.1#46130: query (cache) 'com/ANY/IN' denied
Oct 7 08:22:08 ipb named[2677]: client 209.126.136.2#52517: query (cache) 'a.gtld-servers.net/A/IN' denied
Oct 7 09:00:09 ipb named[2677]: client 185.141.24.209#42825: query (cache) 'leth.cc/ANY/IN' denied
Oct 7 09:28:25 ipb named[2677]: client 124.232.142.220#38773: query (cache) 'www.google.com/A/IN' denied
Oct 7 12:31:08 ipb named[2677]: client 124.232.142.220#38332: query (cache) 'www.google.it/A/IN' denied
Oct 7 01:36:57 ipb postfix/anvil[15006]: statistics: max connection count 1 for (smtp:223.74.42.35) at Oct 7 01:33:36
Oct 7 03:14:45 ipb postfix/anvil[13320]: statistics: max connection count 1 for (submission:169.56.71.47) at Oct 7 03:11:24
Oct 7 04:16:04 ipb postfix/anvil[7596]: statistics: max connection count 1 for (smtp:223.74.42.155) at Oct 7 04:12:43
Oct 7 09:03:20 ipb postfix/anvil[357]: statistics: max connection count 1 for (smtp:62.219.225.141) at Oct 7 09:00:00
Oct 7 11:47:26 ipb postfix/anvil[28328]: statistics: max connection count 1 for (smtp:81.240.248.53) at Oct 7 11:44:03
Oct 7 13:54:54 ipb postfix/anvil[1113]: statistics: max connection count 1 for (smtp:210.211.102.38) at Oct 7 13:51:33
Oct 7 22:28:26 ipb postfix/anvil[31118]: statistics: max connection count 1 for (smtp:80.82.64.102) at Oct 7 22:25:00
Oct 7 03:11:25 ipb postfix/submission/smtpd[13318]: SSL_accept error from unknown[169.56.71.47]: lost connection
Output
141.212.122.111 ,query_denied 1
38.229.33.47 ,query_denied 1
124.232.142.220 ,query_denied 2
183.56.172.145 ,query_denied 1
209.126.136.2 ,query_denied 1
95.215.60.214 ,query_denied 1
185.94.111.1 ,query_denied 1
185.141.24.209 ,query_denied 1
80.82.64.102 ,max_connection_count 1
169.56.71.47 ,max_connection_count 1
62.219.225.141 ,max_connection_count 1
223.74.42.35 ,max_connection_count 1
81.240.248.53 ,max_connection_count 1
210.211.102.38 ,max_connection_count 1
223.74.42.155 ,max_connection_count 1
169.56.71.47 ,SSL_accept_error 1
What I tried:
#!/bin/bash
awk -F'[][()#=/,]|smtp:|submission:' '\
/query.*denied/{a[$2];b[$2]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",query_denied", b[i]}\
/max connection count/{a[$3];b[$3]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",max_connection_count", b[i]}\
/SSL_accept error from unknown/{a[$4];b[$4]++}END{for(i in a)if(b[i]>0)printf "%-15s %-27s %-2s\n",i, ",SSL_accept_error", b[i]}' \
/var/log/syslog.1
But the output is not what I want.
13320 ,query_denied 1
7596 ,query_denied 1
28328 ,query_denied 1
2677 ,query_denied 9
31118 ,query_denied 1
1113 ,query_denied 1
15006 ,query_denied 1
13318 ,query_denied 1
357 ,query_denied 1
13320 ,max_connection_count 1
7596 ,max_connection_count 1
28328 ,max_connection_count 1
2677 ,max_connection_count 9
31118 ,max_connection_count 1
1113 ,max_connection_count 1
15006 ,max_connection_count 1
13318 ,max_connection_count 1
357 ,max_connection_count 1
13320 ,SSL_accept_error 1
7596 ,SSL_accept_error 1
28328 ,SSL_accept_error 1
2677 ,SSL_accept_error 9
31118 ,SSL_accept_error 1
1113 ,SSL_accept_error 1
15006 ,SSL_accept_error 1
13318 ,SSL_accept_error 1
357 ,SSL_accept_error 1
I'm a beginner and don't understand this. I searched, but still found no help for this question. Any hints? Thanks in advance.
Best Regards.
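For reference, here is one way to do it in a single awk program. This is an added example, not the asker's script: instead of forcing one field separator onto three differently shaped lines (which is why the attempt above picks up the PID from `named[2677]` and the three `END` blocks each print the whole shared array), every rule extracts its own IP with `match()`/`substr()` and one `END` block prints each (IP, label) pair once. It assumes a POSIX awk; the sample input is a subset of the lines quoted in the question.

```shell
#!/bin/sh
# Added example (not the asker's code): one awk program replacing the three
# separate invocations. Uses only POSIX awk features (match, substr, SUBSEP).

classify_syslog() {
  awk '
    # Return the IPv4 address inside the first substring of $0 matching re,
    # or "" when the line contains no such substring.
    function ip_in(re,    s) {
      if (!match($0, re)) return ""
      s = substr($0, RSTART, RLENGTH)
      if (!match(s, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) return ""
      return substr(s, RSTART, RLENGTH)
    }
    function tally(ip, label) { if (ip != "") n[ip SUBSEP label]++ }

    /query.*denied/                 { tally(ip_in("client [0-9.]+#"), "query_denied") }
    /max connection count/          { tally(ip_in("\\((smtp|submission):[0-9.]+\\)"), "max_connection_count") }
    /SSL_accept error from unknown/ { tally(ip_in("unknown\\[[0-9.]+\\]"), "SSL_accept_error") }

    # A single END block: each key is one IP plus one label, so no label is
    # ever printed for lines it did not match.
    END {
      for (k in n) {
        split(k, p, SUBSEP)
        printf "%-15s %-27s %-2s\n", p[1], "," p[2], n[k]
      }
    }
  '
}

# Constructed input: a subset of the lines quoted in the question.
sample_syslog() {
  cat <<'EOF'
Oct 7 02:21:48 ipb named[2677]: client 38.229.33.47#59569: query (cache) 'a998207098p59569i39337.d2016100618000222958.t12135.dnsresearch.cymru.com/A/IN' denied
Oct 7 09:28:25 ipb named[2677]: client 124.232.142.220#38773: query (cache) 'www.google.com/A/IN' denied
Oct 7 12:31:08 ipb named[2677]: client 124.232.142.220#38332: query (cache) 'www.google.it/A/IN' denied
Oct 7 01:36:57 ipb postfix/anvil[15006]: statistics: max connection count 1 for (smtp:223.74.42.35) at Oct 7 01:33:36
Oct 7 03:14:45 ipb postfix/anvil[13320]: statistics: max connection count 1 for (submission:169.56.71.47) at Oct 7 03:11:24
Oct 7 03:11:25 ipb postfix/submission/smtpd[13318]: SSL_accept error from unknown[169.56.71.47]: lost connection
EOF
}

# Order of "for (k in n)" is unspecified, so sort for a stable report.
sample_syslog | classify_syslog | sort
```

Replace `sample_syslog` with `cat /var/log/syslog.1` to run it on the real file; the output format is the same as the original three-command script.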
Some surprisingly affordable whitespace, liberally sprinkled around, would make you and your script easier to understand. You might also edit your question to include concise, testable sample input and expected output, i.e. an [mcve] as described in [ask]. –
Thanks. – Aeolus