awkに関するオレオレTips

awk で特定フィールド以降のみ表示する。

• i=nを変更することで任意のフィールド以降を表示。

awk '{for(i=8;i<NF;i++){printf("%s%s",$i,OFS=" ")}print $NF}'

例示。

元のログ。

# cat /var/log/httpd/error_log                                                                               
[Sun Apr 10 04:41:07 2016] [notice] Digest: generating secret for digest authentication ...
[Sun Apr 10 04:41:07 2016] [notice] Digest: done
[Sun Apr 10 04:41:11 2016] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.4.45 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Mon Apr 11 02:32:12 2016] [error] [client 141.212.122.129] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /x
[Mon Apr 11 21:21:49 2016] [error] [client 89.232.118.83] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 22:45:58 2016] [error] [client 95.220.60.62] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 23:08:11 2016] [error] [client 114.134.185.174] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 23:28:32 2016] [error] [client 95.153.131.58] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 23:50:40 2016] [error] [client 109.87.118.240] script '/var/www/wp/admin.php' not found or unable to stat
# 

第9フィールド以降抜き出すとこんな感じ。

# awk '{for(i=9;i<NF;i++){printf("%s%s",$i,OFS=" ")}print $NF}' /var/log/httpd/error_log 
secret for digest authentication ...
done
DAV/2 PHP/5.4.45 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /x
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
# 

awkで末尾から数えてn番目のフィールドを取り出す。

awkで簡易アクセスログ解析

vmstatで実行時刻を表示する。(vmstatに時刻出力機能がないので、awkで出す。)

vmstat 1  | awk '{ print strftime("%Y/%m/%d %H:%M:%S"), $0 }'

例示

[root@koizumi-test ~]# vmstat 1  | awk '{ print strftime("%Y/%m/%d %H:%M:%S"), $0 }'  
2017/12/20 10:24:32 procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
2017/12/20 10:24:32  r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
2017/12/20 10:24:32  1  0      0 1666140  76332 145312    0    0    13    13   19   50  0  0 100  0  0  
2017/12/20 10:24:33  0  0      0 1666140  76332 145336    0    0     0     0   20   54  0  0 100  0  0  
^C
[root@koizumi-test ~]#

vmstatで実行時刻を表示する。(秒まで出すならこちらのほうがスマート)

vmstat 1 |awk '{print strftime("%Y%m%d %T"), $0}'

例示

[root@koizumi-test ~]# vmstat 1 |awk '{print strftime("%Y%m%d %T"), $0}'
20171220 10:24:37 procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
20171220 10:24:37  r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
20171220 10:24:37  1  0      0 1666172  76340 145336    0    0    13    13   19   50  0  0 100  0  0    
20171220 10:24:38  0  0      0 1666140  76340 145336    0    0     0     0   20   54  0  0 100  0  0    
^C
[root@koizumi-test ~]# 

cronのJOBで9-20の間に実行設定されているJOBを調査する。

# egrep -v "^#|^$" /var/spool/cron/root |awk '($2 >=9 && $2 <= 20)( $2 == "*" ) {print}' |sort -k2