使用awk分析日志檔案-有解無憂

您好，我有以下日志文??件的以下內容：

Mon, 22 Mar 2020 13:15:39  0200|185.34.66.225|user_1| - |user logged in| -
Mon, 22 Mar 2020 13:15:39  0200|185.34.66.225|user_1| - |user changed password| -
Mon, 22 Mar 2020 13:15:39  0200|185.34.66.225|user_1| - |user logged off| -
Mon, 22 Mar 2020 13:15:42  0200|185.34.66.225|user_2| - |user logged in| -
Mon, 22 Mar 2020 13:15:40  0200|185.34.66.215|user_3| - |user logged in| -
Mon, 22 Mar 2020 13:15:49  0200|185.34.66.215|user_3| - |user changed password| -
Mon, 22 Mar 2020 13:15:49  0200|185.34.66.215|user_3| - |user logged off| -
Mon, 22 Mar 2020 13:15:59  0200|185.34.66.205|user_4| - |user logged in| -
Mon, 22 Mar 2020 13:15:59  0200|185.34.66.205|user_4| - |user logged in| -
Mon, 22 Mar 2020 13:15:59  0200|185.34.66.205|user_4| - |user changed password| -
Mon, 22 Mar 2020 13:15:59  0200|185.34.66.205|user_4| - |user logged off| -
Mon, 22 Mar 2020 13:17:50  0200|185.34.66.205|user_5| - |user logged in| -
Mon, 22 Mar 2020 13:17:50  0200|185.34.66.205|user_5| - |user changed password| -
Mon, 22 Mar 2020 13:17:50  0200|185.34.66.205|user_5| - |user changed profile| -
Mon, 22 Mar 2020 13:17:50  0200|185.34.66.205|user_5| - |user logged off| -
Mon, 22 Mar 2020 15:19:19  0200|178.56.66.225|user_6| - |user logged in| -
Mon, 22 Mar 2020 15:19:19  0200|178.56.66.225|user_6| - |user changed password| -
Mon, 22 Mar 2020 15:19:19  0200|178.56.66.225|user_6| - |user logged off| -
Mon, 22 Mar 2020 13:20:42  0200|185.34.67.225|user_7| - |user logged in| -

主要思想是獲取登錄、更改密碼、在同一秒內注銷的機器人串列，并且在這 3 個操作之間不執行任何其他操作：我能夠使用以下命令實作我想要的：

cat /path/to/file | awk '{split($0,a,"|"); print a[3],a[1],a[5]}' | awk '{ print $6,$1,$8,$9,$10 }' | grep -A 1 -B 1 "user changed password" | awk 'seen[$1] ==2' | grep "user logged off" | awk '{ print $2}'

輸出：

user_1
user_4
user_6

但是我需要專家幫助來縮短我的代碼并使其在巨大的日志檔案中盡可能快地作業

任何幫助，將不勝感激

uj5u.com熱心網友回復：

一次awk通話即可完成所有操作。

awk -F'|' '
  BEGIN {
    a[0]="user logged in"
    a[1]="user changed password"
    a[2]="user logged off"
  }
 lastuser!= $3 || lasttime!=$1 || a[expected]!=$5 {
   lasttime=$1
   lastuser=$3
   expected=(a[0]==$5?1:0)
   next
 }
 expected  ==2 {
   print $3
 }' path_to_file

轉載請註明出處，本文鏈接：https://www.uj5u.com/shujuku/392352.html

標籤：猛击 awk

上一篇：JetpackCompose-使影像縮放到列/行中的可用大小

下一篇：將私鑰作為標頭傳遞給curlPUT回傳非法字符錯誤