The actual logs are:
2016-06-19 22:08:09 [213917] 1bEgCe-000tZR-E9 ** [email protected] ([email protected]) <[email protected]> F=<[email protected]> P=<[email protected]> R=lookuphost T=remote_smtp H=mailin-01.mx.aol.com [64.12.88.131]:25 I=[36.23.21.11]:60147: SMTP error from remote mail server after initial connection: 554- (RTR:BL) https://postmaster.aol.com/error-codes#554rtrbl\n554 Connecting IP: 36.23.21.11
2016-06-20 01:03:22 [516458] 1bEiwD-001zt7-IY ** [email protected] ([email protected]) <[email protected]> F=<[email protected]> P=<[email protected]> R=lookuphost T=remote_smtp H=mailin-02.mx.aol.com [64.12.88.163]:25 I=[36.23.21.14]:47630: SMTP error from remote mail server after initial connection: 554- (RTR:BL) https://postmaster.aol.com/error-codes#554rtrbl\n554 Connecting IP: 36.23.21.14
2016-06-20 09:29:46 [256975] 1bEqpT-0014jI-HV ** [email protected] F=<[email protected]> P=<[email protected]> R=dkim_lookuphost T=dkim_remote_smtp H=mailin-04.mx.aol.com [64.12.88.132]:25 I=[36.23.21.11]:43705: SMTP error from remote mail server after initial connection: 421 DYN:T2 https://postmaster.aol.com/error-codes#554rtrbl\n554 Connecting IP: 36.23.21.11
2016-06-20 11:41:34 [413114] 1bEstm-001jSC-Ic ** [email protected] F=<[email protected]> P=<[email protected]> R=dkim_lookuphost T=dkim_remote_smtp H=mailin-02.mx.aol.com [64.12.91.195]:25 I=[36.23.21.14]:48714: SMTP error from remote mail server after initial connection: 421 DYN:T1 https://postmaster.aol.com/error-codes#554rtrbl\n554 Connecting IP: 36.23.21.14
What I want to get:
Timestamp EmailTo: EmailFrom: IPAddress: ErrorCodes:
2016-06-19 [email protected] [email protected] 36.23.21.11 554- (RTR:BL)
2016-06-20 [email protected] [email protected] 36.23.21.14 554- (RTR:BL)
2016-06-20 [email protected] [email protected] 36.23.21.11 421 DYN:T2
2016-06-20 [email protected] [email protected] 36.23.21.14 421 DYN:T1
I extracted the first three fields with the following command:
echo -e "Timestamp\t\tEmailTo:\t\tEmailFrom:\t\t\t\t\t\t\t\tIPAddress:\tErrorCodes:" && awk 'NF>6 { d=6 ; while ( ! ($d ~ /^F=/ ) ) d++ ; printf "%s\t%s\t%s\n",$1,$6,substr($d,4,length($d)-4) ;} ' logs | column -t
Thanks everyone, but I've got it working:
echo -e "Timestamp:\tEmailTo:\tEmailFrom:\t\tIPAddress:\tErrorCodes:" && awk 'NF>6 { d=6 ; while ( ! ($d ~ /^F=/ ) ) d++ ; print "%s\t%s\t%s\t%s\t%s\t%s\n",$1,$6,substr($d,4,length($d)-4),$NF,$(NF-5)$(NF-4) ; }' oops | column -t| grep -v "%s"
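Answer 1
You're on the right track using awk. You should write a script that reads the log and outputs tab-separated fields. Then use the column command to realign the columns:
extract.awk²: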
BEGIN {OFS="\t"; print "Timestamp\tEmailTo:\tEmailFrom:\tIPAddress:\tErrorCodes:"}
{print $1, $6, $7, $NF, $(NF-5)}
Then run it with:
awk -f extract.awk logs | column -t -s '^I'
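where '^I' represents an actual tab character inside the quotes.
The only tricky part is handling the error message in the log, which may be a variable number of words. I solved this by counting columns from the right for the IP and error code fields.
The output looks like this: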
Timestamp EmailTo: EmailFrom: IPAddress: ErrorCodes:
2016-06-19 [email protected] ([email protected]) 36.23.21.11 554-
2016-06-20 [email protected] ([email protected]) 36.23.21.14 554-
2016-06-20 [email protected] F=<[email protected]> 36.23.21.11 421
2016-06-20 [email protected] F=<[email protected]> 36.23.21.14 421
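I may have guessed wrong about the input columns, since you didn't specify which is which. If you want to clean up the email addresses in the third column, you're probably getting in too deep for awk and it's time to consider Python or Perl.
Or use an output delimiter of your choice, as long as it does not appear in any of the data. Then use that as the argument to -s for column.
²As @Kusalananda pointed out, there's no reason to write the awk script as a one-liner. Here is his version: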
BEGIN {
    OFS="\t";
    print "Timestamp\tEmailTo:\tEmailFrom:\tIPAddress:\tErrorCodes:";
}
{
    print $1, $6, $7, $NF, $(NF-5);
}
As for me, I like one-liners.
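The following is an added example, not code from the question or the answer: a shell function that pulls the same five columns out of Exim `**` failure lines by matching the `F=` and `I=` keys and the SMTP reply code, instead of counting columns from the right. The function names and the sample addresses, hosts and IPs are constructed, and it assumes the process id is logged as in the lines above, so `**` is field 5.

```shell
#!/bin/sh
# Added example: key-based extraction from Exim "**" (delivery failed) lines.

# Constructed sample input: addresses, hosts and IPs are placeholders.
sample_log() {
cat <<'EOF'
2016-06-19 22:08:09 [213917] 1bEgCe-000tZR-E9 ** alice@example.net (alice@example.org) <alice@example.org> F=<news@example.com> P=<news@example.com> R=lookuphost T=remote_smtp H=mx1.example.net [192.0.2.10]:25 I=[198.51.100.11]:60147: SMTP error from remote mail server after initial connection: 554- (RTR:BL) https://postmaster.example.net/errors\n554 Connecting IP: 198.51.100.11
2016-06-20 09:29:46 [256975] 1bEqpT-0014jI-HV ** bob@example.net F=<news@example.com> P=<news@example.com> R=dkim_lookuphost T=dkim_remote_smtp H=mx4.example.net [192.0.2.14]:25 I=[198.51.100.11]:43705: SMTP error from remote mail server after initial connection: 421 DYN:T2 https://postmaster.example.net/errors
2016-06-20 09:30:02 [256990] 1bEqpj-0014kX-2B => carol@example.net F=<news@example.com> R=lookuphost T=remote_smtp H=mx1.example.net [192.0.2.10]:25 I=[198.51.100.14]:43811 C="250 OK"
EOF
}

# Prints tab-separated: date, recipient, envelope sender, sending IP, reply code + next word.
# Reads the files given as arguments, or standard input when there are none.
parse_exim_failures() {
    awk '
    BEGIN { OFS = "\t" }
    $5 == "**" {                      # failure lines only; deliveries (=>) are skipped
        from = ip = code = ""
        for (i = 7; i <= NF; i++) {   # field 6 is the recipient, keys come after it
            if (from == "" && $i ~ /^F=</) {
                from = substr($i, 4, length($i) - 4)   # drop the leading F=< and trailing >
            } else if (ip == "" && $i ~ /^I=\[/) {
                ip = $i
                sub(/^I=\[/, "", ip)                   # keep only what is inside [ ]
                sub(/\].*$/, "", ip)
            } else if (ip != "" && code == "" && $i ~ /^[2-5][0-9][0-9]-?$/) {
                code = $i                              # first SMTP reply code after I=
                if (i < NF) code = code " " $(i + 1)   # plus the word that follows it
            }
        }
        print $1, $6, from, ip, code
    }' "$@"
}
```

Run it as `parse_exim_failures logs` and pipe the result through `column -t -s` with a literal tab, as in the answer, to align the columns.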