awk で特定フィールド以降のみ表示する。
- i=nを変更することで任意のフィールド以降を表示。
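# Print field n through the last field of every input line, joined by single
# spaces. Set n (here 8) to the first field you want to keep.
# A line with fewer than n fields produces an empty line: printing $NF
# unconditionally would emit a field that lies before n, which makes trimmed
# log lines look as if they carried a message they did not.
awk -v n=8 '{ out = ""; for (i = n; i <= NF; i++) out = out (i > n ? " " : "") $i; print out }'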
例示。
元のログ。
# cat /var/log/httpd/error_log
[Sun Apr 10 04:41:07 2016] [notice] Digest: generating secret for digest authentication ...
[Sun Apr 10 04:41:07 2016] [notice] Digest: done
[Sun Apr 10 04:41:11 2016] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.4.45 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Mon Apr 11 02:32:12 2016] [error] [client 141.212.122.129] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /x
[Mon Apr 11 21:21:49 2016] [error] [client 89.232.118.83] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 22:45:58 2016] [error] [client 95.220.60.62] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 23:08:11 2016] [error] [client 114.134.185.174] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 23:28:32 2016] [error] [client 95.153.131.58] script '/var/www/wp/admin.php' not found or unable to stat
[Mon Apr 11 23:50:40 2016] [error] [client 109.87.118.240] script '/var/www/wp/admin.php' not found or unable to stat
#
第9フィールド以降抜き出すとこんな感じ。なお2行目の「done」は第8フィールドである(元の行は8フィールドしかなく、フィールド数が開始位置に満たない行でも末尾の $NF は必ず出力されるため)。
# awk '{for(i=9;i<NF;i++){printf("%s%s",$i,OFS=" ")}print $NF}' /var/log/httpd/error_log
secret for digest authentication ...
done
DAV/2 PHP/5.4.45 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /x
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
script '/var/www/wp/admin.php' not found or unable to stat
#
awkで末尾から数えてn番目のフィールドを取り出す。
awkで簡易アクセスログ解析
vmstatで実行時刻を表示する。(vmstatに時刻出力機能がないので、awkで出す。)
# Prefix each line vmstat emits (header lines included) with the current
# date and time, formatted as YYYY/MM/DD HH:MM:SS.
# strftime() is an awk extension (gawk has it); it is not in POSIX awk.
vmstat 1 | awk '{ stamp = strftime("%Y/%m/%d %H:%M:%S"); printf "%s %s\n", stamp, $0 }'
例示
[root@koizumi-test ~]# vmstat 1 | awk '{ print strftime("%Y/%m/%d %H:%M:%S"), $0 }'
2017/12/20 10:24:32 procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
2017/12/20 10:24:32 r b swpd free buff cache si so bi bo in cs us sy id wa st
2017/12/20 10:24:32 1 0 0 1666140 76332 145312 0 0 13 13 19 50 0 0 100 0 0
2017/12/20 10:24:33 0 0 0 1666140 76332 145336 0 0 0 0 20 54 0 0 100 0 0
^C
[root@koizumi-test ~]#
vmstatで実行時刻を表示する。(秒まで出すならこちらのほうがスマート)
# Same idea with a shorter format string: %T is shorthand for %H:%M:%S, so
# each vmstat line is prefixed with YYYYMMDD HH:MM:SS.
# strftime() is an awk extension (gawk has it); it is not in POSIX awk.
vmstat 1 | awk '{ stamp = strftime("%Y%m%d %T"); printf "%s %s\n", stamp, $0 }'
例示
[root@koizumi-test ~]# vmstat 1 |awk '{print strftime("%Y%m%d %T"), $0}'
20171220 10:24:37 procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
20171220 10:24:37 r b swpd free buff cache si so bi bo in cs us sy id wa st
20171220 10:24:37 1 0 0 1666172 76340 145336 0 0 13 13 19 50 0 0 100 0 0
20171220 10:24:38 0 0 0 1666140 76340 145336 0 0 0 0 20 54 0 0 100 0 0
^C
[root@koizumi-test ~]#
cronのジョブのうち、9時〜20時の間に実行されるよう設定されているものを調査する。
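# List the entries in root's crontab whose hour field (2nd column) can fire
# between 09 and 20 inclusive, sorted from the hour column onward. Run as root.
#
# The hour tests must be joined explicitly. Two parenthesised expressions
# written side by side, ($2 >= 9 && $2 <= 20)($2 == "*"), are awk string
# concatenation: the result is a non-empty string, so the pattern is true for
# every line and nothing is filtered.
#
# Lists ("8,13") and ranges ("9-18") are split before comparing, because a
# plain comparison treats them as strings and silently drops them. A "/step"
# suffix is ignored, so a stepped range can be over-reported but not missed.
# "@hourly" entries are reported; other "@" shortcuts are not evaluated.
# Only this one file is read: /etc/crontab, /etc/cron.d and other users'
# crontabs need their own pass.
grep -Ev '^#|^$' /var/spool/cron/root | awk '
  # Return 1 when the cron hour expression in spec overlaps [lo, hi].
  function hour_in_window(spec, lo, hi,    parts, n, k, item, ends) {
    n = split(spec, parts, ",")
    for (k = 1; k <= n; k++) {
      item = parts[k]
      sub(/\/.*$/, "", item)                      # drop the "/step" suffix
      if (item == "*") return 1
      if (item !~ /^[0-9]+(-[0-9]+)?$/) continue  # not an hour or hour range
      if (split(item, ends, "-") == 1) ends[2] = ends[1]
      if (ends[1] + 0 <= hi && ends[2] + 0 >= lo) return 1
    }
    return 0
  }
  $1 == "@hourly" || hour_in_window($2, 9, 20)
' | sort -k2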