awk(1)

王朝学院·作者佚名  2016-08-27
窄屏简体版  字體: |||超大  

从netstat命令中提取了如下信息作为用例$ cat netstat.txtPRoto Recv-Q Send-Q Local-Address Foreign-Address State

tcp000.0.0.0:33060.0.0.0:*LISTEN

tcp000.0.0.0:800.0.0.0:*LISTEN

tcp00127.0.0.1:90000.0.0.0:*LISTEN

tcp00coolshell.cn:80124.205.5.146:18245TIME_WAIT

tcp00coolshell.cn:8061.140.101.185:37538FIN_WAIT2

tcp00coolshell.cn:80110.194.134.189:1032ESTABLISHED

tcp00coolshell.cn:80123.169.124.111:49809ESTABLISHED

tcp00coolshell.cn:80116.234.127.77:11502FIN_WAIT2

tcp00coolshell.cn:80123.169.124.111:49829ESTABLISHED

tcp00coolshell.cn:80183.60.215.36:36970TIME_WAIT

tcp04166coolshell.cn:8061.148.242.38:30901ESTABLISHED

tcp01coolshell.cn:80124.152.181.209:26825FIN_WAIT1

tcp00coolshell.cn:80110.194.134.189:4796ESTABLISHED

tcp00coolshell.cn:80183.60.212.163:51082TIME_WAIT

tcp01coolshell.cn:80208.115.113.92:50601LAST_ACK

tcp00coolshell.cn:80123.169.124.111:49840ESTABLISHED

tcp00coolshell.cn:80117.136.20.85:50025FIN_WAIT2

tcp00:::22:::* LISTEN

下面是最简单最常用的awk示例,其输出第1列和第4例其中单引号中的被大括号括着的就是awk的语句,注意,其只能被单引号包含。其中的$1..$n表示第几例。注:$0表示整个行。$ awk'{print $1, $4}'netstat.txt

Proto Local-Address

tcp0.0.0.0:3306tcp0.0.0.0:80tcp127.0.0.1:9000tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp :::22

我们再来看看awk的格式化输出,和C语言的printf没什么两样:$ awk'{printf "%-8s %-8s %-8s %-18s %-22s %-15s\n",$1,$2,$3,$4,$5,$6}'netstat.txt

Proto Recv-Q Send-Q Local-Address Foreign-Address State

tcp000.0.0.0:33060.0.0.0:*LISTEN

tcp000.0.0.0:800.0.0.0:*LISTEN

tcp00127.0.0.1:90000.0.0.0:*LISTEN

tcp00coolshell.cn:80124.205.5.146:18245TIME_WAIT

tcp00coolshell.cn:8061.140.101.185:37538FIN_WAIT2

tcp00coolshell.cn:80110.194.134.189:1032ESTABLISHED

tcp00coolshell.cn:80123.169.124.111:49809ESTABLISHED

tcp00coolshell.cn:80116.234.127.77:11502FIN_WAIT2

tcp00coolshell.cn:80123.169.124.111:49829ESTABLISHED

tcp00coolshell.cn:80183.60.215.36:36970TIME_WAIT

tcp04166coolshell.cn:8061.148.242.38:30901ESTABLISHED

tcp01coolshell.cn:80124.152.181.209:26825FIN_WAIT1

tcp00coolshell.cn:80110.194.134.189:4796ESTABLISHED

tcp00coolshell.cn:80183.60.212.163:51082TIME_WAIT

tcp01coolshell.cn:80208.115.113.92:50601LAST_ACK

tcp00coolshell.cn:80123.169.124.111:49840ESTABLISHED

tcp00coolshell.cn:80117.136.20.85:50025FIN_WAIT2

tcp00:::22:::* LISTEN

我们再来看看如何过滤记录(下面过滤条件为:第三列的值为0 && 第6列的值为LISTEN)$ awk'$3==0 && $6=="LISTEN"'netstat.txt

tcp000.0.0.0:33060.0.0.0:*LISTEN

tcp000.0.0.0:800.0.0.0:*LISTEN

tcp00127.0.0.1:90000.0.0.0:*LISTEN

tcp00:::22:::* LISTEN

其中的“==”为比较运算符。其他比较运算符:!=, <, < >=, < p>

我们来看看各种过滤记录的方式:

$ awk'$3>0 {print $0}'netstat.txt

Proto Recv-Q Send-Q Local-Address Foreign-Address State

tcp04166coolshell.cn:8061.148.242.38:30901ESTABLISHED

tcp01coolshell.cn:80124.152.181.209:26825FIN_WAIT1

tcp01coolshell.cn:80208.115.113.92:50601LAST_ACK

如果我们需要表头的话,我们可以引入内建变量NR:

$ awk'$3==0 && $6=="LISTEN" || NR==1'netstat.txt

Proto Recv-Q Send-Q Local-Address Foreign-Address State

tcp000.0.0.0:33060.0.0.0:*LISTEN

tcp000.0.0.0:800.0.0.0:*LISTEN

tcp00127.0.0.1:90000.0.0.0:*LISTEN

tcp00:::22:::* LISTEN

再加上格式化输出:

$ awk'$3==0 && $6=="LISTEN" || NR==1 {printf "%-20s %-20s %s\n",$4,$5,$6}'netstat.txt

Local-Address Foreign-Address State0.0.0.0:33060.0.0.0:*LISTEN0.0.0.0:800.0.0.0:*LISTEN127.0.0.1:90000.0.0.0:*LISTEN

:::22:::* LISTEN

内建变量说到了内建变量,我们可以来看看awk的一些内建变量:

$0当前记录(这个变量中存放着整个行的内容)

$1~$n 当前记录的第n个字段,字段间由FS分隔

FS 输入字段分隔符 默认是空格或Tab

NF 当前记录中的字段个数,就是有多少列

NR 已经读出的记录数,就是行号,从1开始,如果有多个文件话,这个值也是不断累加中。

FNR 当前记录数,与NR不同的是,这个值会是各个文件自己的行号

RS 输入的记录分隔符, 默认为换行符

OFS 输出字段分隔符, 默认也是空格

ORS 输出的记录分隔符,默认为换行符

FILENAME 当前输入文件的名字

怎么使用呢,比如:我们如果要输出行号:

$ awk'$3==0 && $6=="ESTABLISHED" || NR==1 {printf "%02s %s %-20s %-20s %s\n",NR, FNR, $4,$5,$6}'netstat.txt011Local-Address Foreign-Address State077coolshell.cn:80110.194.134.189:1032ESTABLISHED088coolshell.cn:80123.169.124.111:49809ESTABLISHED1010coolshell.cn:80123.169.124.111:49829ESTABLISHED1414coolshell.cn:80110.194.134.189:4796ESTABLISHED1717coolshell.cn:80123.169.124.111:49840ESTABLISHED

指定分隔符$ awk'BEGIN{FS=":"} {print $1,$3,$6}'/etc/passwd

root0/root

bin1/bin

daemon2/sbin

adm3/var/adm

lp4/var/spool/lpd

sync5/sbin

shutdown6/sbin

halt7/sbin

上面的命令也等价于:(-F的意思就是指定分隔符)

$ awk-F:'{print $1,$3,$6}'/etc/passwd

注:如果你要指定多个分隔符,你可以这样来:

awk-F'[;:]'

字符串匹配$ awk'$6 ~ /FIN/ || NR==1 {print NR,$4,$5,$6}'OFS="\t"netstat.txt1Local-Address Foreign-Address State6coolshell.cn:8061.140.101.185:37538FIN_WAIT29coolshell.cn:80116.234.127.77:11502FIN_WAIT213coolshell.cn:80124.152.181.209:26825FIN_WAIT118coolshell.cn:80117.136.20.85:50025FIN_WAIT2

$ $ awk'$6 ~ /WAIT/ || NR==1 {print NR,$4,$5,$6}'OFS="\t"netstat.txt1Local-Address Foreign-Address State5coolshell.cn:80124.205.5.146:18245TIME_WAIT6coolshell.cn:8061.140.101.185:37538FIN_WAIT29coolshell.cn:80116.234.127.77:11502FIN_WAIT211coolshell.cn:80183.60.215.36:36970TIME_WAIT13coolshell.cn:80124.152.181.209:26825FIN_WAIT115coolshell.cn:80183.60.212.163:51082TIME_WAIT18coolshell.cn:80117.136.20.85:50025FIN_WAIT2

上面的示例匹配FIN状态, 第二个示例匹配WAIT字样的状态。其实~ 表示模式开始。/ /中是模式。这就是一个正则表达式的匹配。

其实awk可以像grep一样的去匹配第一行,就像这样:

$ awk'/LISTEN/'netstat.txt

tcp000.0.0.0:33060.0.0.0:*LISTEN

tcp000.0.0.0:800.0.0.0:*LISTEN

tcp00127.0.0.1:90000.0.0.0:*LISTEN

tcp00:::22:::* LISTEN

我们可以使用 “/FIN|TIME/” 来匹配FIN 或者TIME :

$ awk'$6 ~ /FIN|TIME/ || NR==1 {print NR,$4,$5,$6}'OFS="\t"netstat.txt1Local-Address Foreign-Address State5coolshell.cn:80124.205.5.146:18245TIME_WAIT6coolshell.cn:8061.140.101.185:37538FIN_WAIT29coolshell.cn:80116.234.127.77:11502FIN_WAIT211coolshell.cn:80183.60.215.36:36970TIME_WAIT13coolshell.cn:80124.152.181.209:26825FIN_WAIT115coolshell.cn:80183.60.212.163:51082TIME_WAIT18coolshell.cn:80117.136.20.85:50025FIN_WAIT2

再来看看模式取反的例子:

$ awk'$6 !~ /WAIT/ || NR==1 {print NR,$4,$5,$6}'OFS="\t"netstat.txt1Local-Address Foreign-Address State20.0.0.0:33060.0.0.0:*LISTEN30.0.0.0:800.0.0.0:*LISTEN4127.0.0.1:90000.0.0.0:*LISTEN7coolshell.cn:80110.194.134.189:1032ESTABLISHED8coolshell.cn:80123.169.124.111:49809ESTABLISHED10coolshell.cn:80123.169.124.111:49829ESTABLISHED12coolshell.cn:8061.148.242.38:30901ESTABLISHED14coolshell.cn:80110.194.134.189:4796ESTABLISHED16coolshell.cn:80208.115.113.92:50601LAST_ACK17coolshell.cn:80123.169.124.111:49840ESTABLISHED19:::22:::* LISTEN

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航