本节需要练习的部分,需要文件请留言
1.格式
模块
BEGIN{} 模块计算
END{} 模块awk读取文件之后执行,先计算,最后END{}显示结果
数组
i++ ==== i=i+1 计算次数
i+=$1 ==== i=i+$1 计算总和
2.awk进行过滤常用的条件或模式
2.1正则表达式作为条件
例1:前边$是以第几列为查找对象
#显示出包含crond|sshd|network|rsyslog|sysstat显示他们的第一列
[root@oldboyedu44-lnb scripts]#chkconfig |awk '$1~/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
[root@oldboyedu44-lnb scripts]#chkconfig |awk '/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
[root@oldboyedu44-lnb scripts]#chkconfig |awk '$0~/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
例2:
搭建环境
mkdir -p /server/files/
cat >>/server/files/reg.txt< Zhang Dandan 41117397 :250:100:175 Zhang Xiaoyu390320151 :155:90:201 Meng Feixue 80042789 :250:60:50 Wu Waiwai 70271111 :250:80:75 Liu Bingbing 41117483 :250:100:175 Wang Xiaoai 3515064655 :50:95:135 ZiGege1986787350 :250:168:200 Li Youjiu918391635 :175:75:300 Lao Nanhai918391635 :250:100:175 EOF 注释 1)第一列是姓氏 2)第二列是名字 3)第一第二列合起来就是姓名 4)第三列是对应的ID号码 5)最后三列是三次捐款数量 1)显示Xiaoyu的姓氏和ID号码 [root@oldboyedu44-lnb files]#awk '$2~/Xiaoyu/{print $1,$2,$3}' reg.txt Zhang Xiaoyu 390320151 2)显示所有以41开头的ID号码的人的全名和ID号码 [root@oldboyedu44-lnb files]#awk '$3~/^41/{print $1,$2,$3}' reg.txt Zhang Dandan 41117397 Liu Bingbing 41117483 3)显示所有ID号码最后一位数字是1或5的人的全名 [root@oldboyedu44-lnb files]#awk '$3~/[15]$/{print $1,$2}' reg.txt |column -t Zhang Xiaoyu Wu Waiwai Wang Xiaoai Li Youjiu Lao Nanhai 4)显示Xiaoyu的捐款.每个值时都有以$开头.如$520$200$135 gsub(/找谁/,"替换成什么",哪一列) gsub(/找谁/,"替换成什么") gsub(/找谁/,"替换成什么",$0) [root@oldboyedu44-lnb files]#awk '{gsub(/:/,"$",$NF) ;print}' reg.txt |column -t Zhang Dandan 41117397 $250$100$175 Zhang Xiaoyu 390320151 $155$90$201 Meng Feixue 80042789 $250$60$50 Wu Waiwai 70271111 $250$80$75 Liu Bingbing 41117483 $250$100$175 Wang Xiaoai3515064655 $50$95$135 ZiGege1986787350 $250$168$200 Li Youjiu 918391635 $175$75$300 Lao Nanhai 918391635 $250$100$175 [root@gjwfiles]#awk '$2~/Xiaoyu/{gsub(/:/,"$",$NF); print}' reg.txt |column -t Zhang Xiaoyu 390320151 $155$90$201 5)显示所有人的全名,以姓,名的格式显示,如Meng,Feixue [root@oldboyedu44-lnb files]#awk -vOFS=" oldboy " '{print $1,$2}' reg.txt Zhang oldboyDandan Zhang oldboyXiaoyu Meng oldboyFeixue Wu oldboyWaiwai Liu oldboyBingbing Wang oldboyXiaoai ZioldboyGege Li oldboyYoujiu Lao oldboyNanhai 例3: 找出secure-20161219文件中密码错误的用户名和对应的ip地址 awk '/Failed password/{print $(NF-5),$(NF-3) }' secure-20161219 |head [root@gjw~]#awk '/Failed password/{print $(NF-5),$(NF-3)}' secure-20161219|head|column -t support 123.31.34.190 admin 123.31.34.190 uucp 123.31.34.190 business 221.126.233.134 business 221.126.233.134 business 221.126.233.134 ftp 110.45.145.222 ftp 110.45.145.222 ftp 110.45.145.222 root 112.85.42.103 例4: 统计密码错误次数 awk '/Failed password/{i++;print i}' secure-20161219在线一直算(累死cpu) [root@oldboyedu44-lnb files]#awk '/Failed password/{i++}END{print i}' secure-20161219 367490 例5: root用户密码被破解的次数 [root@gjw~]#awk '/Failed password/{i++}END{print i}' secure-20161219 367490 加入if语句(判断)指定用户破解的次数 [root@gjw~]#awk '/Failed password/{if($(NF-5)=="root")i++}END{print i}' secure-20161219 364610 例6: #access.log一共使用了多少流量以MB单位显示 [root@gjw~]#awk '{i+=$10}END{print i/1024^2}' access.log 2363.68 2.2awk数组 例1:处理以下文件内容,将域名取出并根据域名进行计数排序处理 http://www.etiantian.org/index.html http://www.etiantian.org/1.html http://post.etiantian.org/index.html http://mp3.etiantian.org/index.html http://www.etiantian.org/3.html http://post.etiantian.org/2.html 1)格式用法 [root@oldboyedu44-lnb files]#awk 'BEGIN{h[104]="lidao";h[105]="oldboy"; print h[104]}' lidao [root@oldboyedu44-lnb files]#awk 'BEGIN{h[104]="lidao";h[105]="oldboy"; print h[105]}' oldboy [root@gjw~]#awk 'BEGIN{h[w]="root";print h[w]}' Root 2)计算www用法次数 [root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++;print h["www"]}' url.txt 1 2 2 2 3 3 3)计算每一个用户次数 [root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{print h["www"],h["post"],h["mp3"]}' url.txt 3 2 1 4)显示每一个用户 [root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{for(p in h) print p}' url.txt www mp3 post 5)显示用户及次数 [root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{for(p in h) print p,h[p]}' url.txt www 3 mp3 1 post 2 例2:分析access.log中每个ip地址出现的次数 [root@gjw~]#awk '{h[$1]++}END{for(p in h) print p" "h[p]}' access.log|sort -rnk2|head|column -t 58.220.223.62 12049 112.64.171.98 10856 114.83.184.139 1982 117.136.66.10 1662 115.29.245.13 1318 223.104.5.197 961 116.216.0.60 957 180.111.48.14 939 223.104.5.202 871 223.104.4.139 869 [root@gjw~]#awk -vOFS="count=" '{h[$1]++}END{for(p in h) print p" ",h[p]}' access.log |column -t|head 101.226.125.115 count=284 180.154.137.177 count=516 101.226.125.116 count=127 110.75.248.79 count=1 101.226.125.118 count=437 101.226.125.119 count=569 180.158.118.17 count=347 117.12.191.55 count=106 140.206.89.150 count=130 14.152.68.38 count=162 例3:分析access.log中每个ip地址使用的流量总数 i=i+$10 === i+=$10 awk '{h[$1]+=$10}END{for(p in h) print p,h[p]/1024^2"MB"}' access.log |sort -rnk2|head |column -t 114.83.184.139 29.91MB 117.136.66.10 21.3922MB 116.216.30.47 20.4716MB 223.104.5.197 20.4705MB 116.216.0.60 18.2584MB 114.141.164.180 16.4218MB 114.111.166.22 16.3284MB 223.104.5.202 16.1281MB 116.228.21.187 15.2301MB 112.64.171.98 14.5483MB 例4:分析secure文件中每个用户被破解的次数: 1)破解root用户的次数 awk '/Failed password/{if($(NF-5)=="root")i++}END{print i}' secure-20161219 364610 例5:分析secure文件中每个ip地址破解你的次数 [root@gjw ~]# awk '/Failed password/{h[$(NF-3)]++}END{for(p in h) print p" "h[p]}' secure-20161219|sort -rnk2|column -t|head 218.65.30.25 68652 218.65.30.53 34326 218.87.109.154 21201 112.85.42.103 18065 112.85.42.99 17164 218.87.109.151 17163 218.87.109.150 17163 218.65.30.61 17163 218.65.30.126 17163 218.65.30.124 17163 例6:分析secure文件中每个用户被每个ip破解的次数 [root@gjw ~]# awk '/Failed password/{h[$(NF-5)" "$(NF-3)]++}END{for(p in h) print p" "h[p]}' secure-20161219|sort -rnk3|column -t|head -20 root 218.65.30.25 68652 root 218.65.30.53 34326 root 218.87.109.154 21201 root 112.85.42.103 18065 root 112.85.42.99 17164 root 218.87.109.151 17163 root 218.87.109.150 17163 root 218.65.30.61 17163 root 218.65.30.126 17163 root 218.65.30.124 17163 root 218.65.30.123 17163 root 218.65.30.122 17163 root 182.100.67.120 17163 例7:分析access.log文件中每个ip地址的访问次数与每个ip地址使用的流量总数: 1)ip地址使用的流量总数 [root@gjw ~]# awk '{h[$1]++;h[$1]+=$10}END{for(p in h) print p" "h[p]/1024^2"MB"}' access.log|column -t|sort -rnk2|head 114.83.184.139 29.9119MB 117.136.66.10 21.3937MB 116.216.30.47 20.4721MB 223.104.5.197 20.4714MB 116.216.0.60 18.2593MB 114.141.164.180 16.4225MB 114.111.166.22 16.3291MB 223.104.5.202 16.1289MB 116.228.21.187 15.2306MB 112.64.171.98 14.5587MB 2)ip地址的访问次数 [root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]}' access.log|column -t|sort -rnk2|head 58.220.223.62 12049 112.64.171.98 10856 114.83.184.139 1982 117.136.66.10 1662 115.29.245.13 1318 223.104.5.197 961 116.216.0.60 957 180.111.48.14 939 223.104.5.202 871 223.104.4.139 869 3)每个ip地址的访问次数与每个ip地址使用的流量总数 [root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]" "s[t]/1024^2"MB"}' access.log|column -t|sort -rnk2|head 58.220.223.62 12049 12.0192MB 112.64.171.98 10856 14.5483MB 114.83.184.139 1982 29.91MB 117.136.66.10 1662 21.3922MB 115.29.245.13 1318 1.10766MB 223.104.5.197 961 20.4705MB 116.216.0.60 957 18.2584MB 180.111.48.14 939 12.9787MB 223.104.5.202 871 16.1281MB 223.104.4.139 869 8.0237MB [root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]" "s[t]/1024^2"MB"}' access.log|column -t|sort -rnk3|head 114.83.184.139 1982 29.91MB 117.136.66.10 1662 21.3922MB 116.216.30.47 506 20.4716MB 223.104.5.197 961 20.4705MB 116.216.0.60 957 18.2584MB 114.141.164.180 695 16.4218MB 114.111.166.22 753 16.3284MB 223.104.5.202 871 16.1281MB 116.228.21.187 596 15.2301MB 112.64.171.98 10856 14.5483MB