Linux 用于解析日志文件的 Shell 脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6918034/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Shell script for parsing log file
提问by Darth_Sy
I'm writing a shell script to parse through log file and pull out all instances where sudo succeeded and/or failed. I'm realizing now that this probably would've been easier with shell's equivalent of regex, but I didn't want to take the time to dig around (and now I'm paying the price). Anyway:
我正在编写一个 shell 脚本来解析日志文件并提取所有 sudo 成功和/或失败的实例。我现在意识到这可能会更容易与 shell 等价于正则表达式,但我不想花时间四处挖掘(现在我正在付出代价)。反正:
sudobool=0
sudoCount=0
for i in `cat /var/log/auth.log`;
do
for word in $i;
do
if $word == "sudo:"
then
echo "sudo found"
sudobool=1;
sudoCount=`expr $sudoCount + 1`;
fi
done
sudobool=0;
done
echo "There were " $sudoCount " attempts to use sudo, " $sudoFailCount " of which failed."
So, my understanding of the code I've written: read auth.log and split it up line by line, which are stored in i. Each word in i is checked to see if it is sudo:, if it is, we flip the bool and increment. Once we've finished parsing the line, reset the bool and move to the next line.
所以,我对我写的代码的理解:读取 auth.log 并将其逐行拆分,存储在 i 中。检查 i 中的每个单词是否是 sudo:如果是,我们翻转 bool 并递增。一旦我们完成了该行的解析,重置 bool 并移动到下一行。
However, judging by my output, the shell is trying to execute the individual words of the log file, typically returning '$word : not found'.
但是,根据我的输出判断,shell 正在尝试执行日志文件的各个单词,通常返回“$word : not found”。
采纳答案by glenn Hymanman
Your error message arises from a lack of syntax in your ifstatement: you need to put the condition in [[brackets]]
您的错误消息是由于语句中缺少语法而引起的if:您需要将条件放在 [[brackets]] 中
Using the pattern matching in bash:
在 bash 中使用模式匹配:
#!/bin/bash
sudoCount=0
while read line; do
sudoBool=0
if [[ "$line" = *sudo:* ]]; then
sudoBool=1
(( sudoCount++ ))
# do something with sudobool ?
fi
done < /var/log/auth.log
echo "There were $sudoCount attempts to use sudo."
I'm not initimately familiar with the auth.log -- what is the pattern to determine success or failure?
我对 auth.log 不是很熟悉——决定成功或失败的模式是什么?
回答by Sudhi
why don't you use grep for this?
你为什么不为此使用grep?
grep sudo /var/log/auth.log
if you want a count pipe it to wc -l
如果你想要一个计数管道它到 wc -l
grep sudo /var/log/auth.log | wc -l
or still better use -c option to grep, which prints how many lines were found containing sudo
或者更好地使用 -c 选项来 grep,它会打印出包含 sudo 的行数
grep -c sudo /var/log/auth.log
or maybe I am missing something simple here?
EDIT: I saw $sudoFailCount after scrolling, do you want to count how many failed attempts were made to use sudo ?? You have not defined any value for $sudoFailCount in your script, so it will print nothing. Also you are missing the testbrackets [[ ]]around your if condition checking
或者我在这里遗漏了一些简单的东西?
编辑:我在滚动后看到 $sudoFailCount,您想计算使用 sudo 的失败尝试次数吗?您尚未在脚本中为 $sudoFailCount 定义任何值,因此它不会打印任何内容。您还缺少if 条件检查周围的test括号[[ ]]
回答by l0b0
Expanding on Sudhi's answer, here's a one-liner:
扩展 Sudhi 的答案,这是一个单行:
$ echo "There were $(grep -c ' sudo: ' /var/log/auth.log) attempts to use sudo, $(grep -c ' sudo: .*authentication failure' /var/log/auth.log) of which failed."
There were 17 attempts to use sudo, 1 of which failed.
