BEGIN{} 模块计算
END{} 模块awk读取文件之后执行,先计算,最后END{}显示结果
i++ ==== i=i+1 计算次数
i+=$1 ==== i=i+$1 计算总和
2.awk进行过滤常用的条件或模式
例1:前边$是以第几列为查找对象
#显示出包含crond|sshd|network|rsyslog|sysstat显示他们的第一列
[root@oldboyedu44-lnb scripts]#chkconfig |awk '$1~/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
[root@oldboyedu44-lnb scripts]#chkconfig |awk '/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
[root@oldboyedu44-lnb scripts]#chkconfig |awk '$0~/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
例2:
搭建环境
mkdir -p /server/files/
cat >>/server/files/reg.txt<<EOF
Zhang Dandan 41117397 :250:100:175
Zhang Xiaoyu390320151 :155:90:201
Meng Feixue 80042789 :250:60:50
Wu Waiwai 70271111 :250:80:75
Liu Bingbing 41117483 :250:100:175
Wang Xiaoai 3515064655 :50:95:135
ZiGege1986787350 :250:168:200
Li Youjiu918391635 :175:75:300
Lao Nanhai918391635 :250:100:175
EOF
注释
1)第一列是姓氏
2)第二列是名字
3)第一第二列合起来就是姓名
4)第三列是对应的ID号码
5)最后三列是三次捐款数量
1)显示Xiaoyu的姓氏和ID号码
[root@oldboyedu44-lnb files]#awk '$2~/Xiaoyu/{print $1,$2,$3}' reg.txt
Zhang Xiaoyu 390320151
2)显示所有以41开头的ID号码的人的全名和ID号码
[root@oldboyedu44-lnb files]#awk '$3~/^41/{print $1,$2,$3}' reg.txt
Zhang Dandan 41117397
Liu Bingbing 41117483
3)显示所有ID号码最后一位数字是1或5的人的全名
[root@oldboyedu44-lnb files]#awk '$3~/[15]$/{print $1,$2}' reg.txt |column -t
Zhang Xiaoyu
Wu Waiwai
Wang Xiaoai
Li Youjiu
Lao Nanhai
4)显示Xiaoyu的捐款.每个值时都有以$开头.如$520$200$135
gsub(/找谁/,"替换成什么",哪一列)
gsub(/找谁/,"替换成什么")
gsub(/找谁/,"替换成什么",$0)
[root@oldboyedu44-lnb files]#awk '{gsub(/:/,"$",$NF) ;print}' reg.txt |column -t
Zhang Dandan 41117397 $250$100$175
Zhang Xiaoyu 390320151 $155$90$201
Meng Feixue 80042789 $250$60$50
Wu Waiwai 70271111 $250$80$75
Liu Bingbing 41117483 $250$100$175
Wang Xiaoai3515064655 $50$95$135
ZiGege1986787350 $250$168$200
Li Youjiu 918391635 $175$75$300
Lao Nanhai 918391635 $250$100$175
[root@gjwfiles]#awk '$2~/Xiaoyu/{gsub(/:/,"$",$NF); print}' reg.txt |column -t
Zhang Xiaoyu 390320151 $155$90$201
5)显示所有人的全名,以姓,名的格式显示,如Meng,Feixue
[root@oldboyedu44-lnb files]#awk -vOFS=" oldboy " '{print $1,$2}' reg.txt
Zhang oldboyDandan
Zhang oldboyXiaoyu
Meng oldboyFeixue
Wu oldboyWaiwai
Liu oldboyBingbing
Wang oldboyXiaoai
ZioldboyGege
Li oldboyYoujiu
Lao oldboyNanhai
例3:
找出secure-20161219文件中密码错误的用户名和对应的ip地址
awk '/Failed password/{print $(NF-5),$(NF-3) }' secure-20161219 |head
[root@gjw~]#awk '/Failed password/{print $(NF-5),$(NF-3)}' secure-20161219|head|column -t
support 123.31.34.190
admin 123.31.34.190
uucp 123.31.34.190
business 221.126.233.134
business 221.126.233.134
business 221.126.233.134
ftp 110.45.145.222
ftp 110.45.145.222
ftp 110.45.145.222
root 112.85.42.103
例4:
统计密码错误次数
awk '/Failed password/{i++;print i}' secure-20161219在线一直算(累死cpu)
[root@oldboyedu44-lnb files]#awk '/Failed password/{i++}END{print i}' secure-20161219
367490
例5:
root用户密码被破解的次数
[root@gjw~]#awk '/Failed password/{i++}END{print i}' secure-20161219
367490
加入if语句(判断)指定用户破解的次数
[root@gjw~]#awk '/Failed password/{if($(NF-5)=="root")i++}END{print i}' secure-20161219
364610
例6:
#access.log一共使用了多少流量以MB单位显示
[root@gjw~]#awk '{i+=$10}END{print i/1024^2}' access.log
2363.68
2.2awk数组
例1:处理以下文件内容,将域名取出并根据域名进行计数排序处理
http://www.etiantian.org/index.html
http://www.etiantian.org/1.html
http://post.etiantian.org/index.html
http://mp3.etiantian.org/index.html
http://www.etiantian.org/3.html
http://post.etiantian.org/2.html
1)格式用法
[root@oldboyedu44-lnb files]#awk 'BEGIN{h[104]="lidao";h[105]="oldboy"; print h[104]}'
lidao
[root@oldboyedu44-lnb files]#awk 'BEGIN{h[104]="lidao";h[105]="oldboy"; print h[105]}'
oldboy
[root@gjw~]#awk 'BEGIN{h[w]="root";print h[w]}'
Root
2)计算www用法次数
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++;print h["www"]}' url.txt
1
2
2
2
3
3
3)计算每一个用户次数
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{print h["www"],h["post"],h["mp3"]}' url.txt
3 2 1
4)显示每一个用户
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{for(p in h) print p}' url.txt
www
mp3
post
5)显示用户及次数
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{for(p in h) print p,h[p]}' url.txt
www 3
mp3 1
post 2
例2:分析access.log中每个ip地址出现的次数
[root@gjw~]#awk '{h[$1]++}END{for(p in h) print p" "h[p]}' access.log|sort -rnk2|head|column -t
58.220.223.62 12049
112.64.171.98 10856
114.83.184.139 1982
117.136.66.10 1662
115.29.245.13 1318
223.104.5.197 961
116.216.0.60 957
180.111.48.14 939
223.104.5.202 871
223.104.4.139 869
[root@gjw~]#awk -vOFS="count=" '{h[$1]++}END{for(p in h) print p" ",h[p]}' access.log |column -t|head
101.226.125.115 count=284
180.154.137.177 count=516
101.226.125.116 count=127
110.75.248.79 count=1
101.226.125.118 count=437
101.226.125.119 count=569
180.158.118.17 count=347
117.12.191.55 count=106
140.206.89.150 count=130
14.152.68.38 count=162
例3:分析access.log中每个ip地址使用的流量总数
i=i+$10 === i+=$10
awk '{h[$1]+=$10}END{for(p in h) print p,h[p]/1024^2"MB"}' access.log |sort -rnk2|head |column -t
114.83.184.139 29.91MB
117.136.66.10 21.3922MB
116.216.30.47 20.4716MB
223.104.5.197 20.4705MB
116.216.0.60 18.2584MB
114.141.164.180 16.4218MB
114.111.166.22 16.3284MB
223.104.5.202 16.1281MB
116.228.21.187 15.2301MB
112.64.171.98 14.5483MB
例4:分析secure文件中每个用户被破解的次数:
1)破解root用户的次数
awk '/Failed password/{if($(NF-5)=="root")i++}END{print i}' secure-20161219
364610
例5:分析secure文件中每个ip地址破解你的次数
[root@gjw ~]# awk '/Failed password/{h[$(NF-3)]++}END{for(p in h) print p" "h[p]}' secure-20161219|sort -rnk2|column -t|head
218.65.30.25 68652
218.65.30.53 34326
218.87.109.154 21201
112.85.42.103 18065
112.85.42.99 17164
218.87.109.151 17163
218.87.109.150 17163
218.65.30.61 17163
218.65.30.126 17163
218.65.30.124 17163
例6:分析secure文件中每个用户被每个ip破解的次数
[root@gjw ~]# awk '/Failed password/{h[$(NF-5)" "$(NF-3)]++}END{for(p in h) print p" "h[p]}' secure-20161219|sort -rnk3|column -t|head -20
root 218.65.30.25 68652
root 218.65.30.53 34326
root 218.87.109.154 21201
root 112.85.42.103 18065
root 112.85.42.99 17164
root 218.87.109.151 17163
root 218.87.109.150 17163
root 218.65.30.61 17163
root 218.65.30.126 17163
root 218.65.30.124 17163
root 218.65.30.123 17163
root 218.65.30.122 17163
root 182.100.67.120 17163
例7:分析access.log文件中每个ip地址的访问次数与每个ip地址使用的流量总数:
1)ip地址使用的流量总数
[root@gjw ~]# awk '{h[$1]++;h[$1]+=$10}END{for(p in h) print p" "h[p]/1024^2"MB"}' access.log|column -t|sort -rnk2|head
114.83.184.139 29.9119MB
117.136.66.10 21.3937MB
116.216.30.47 20.4721MB
223.104.5.197 20.4714MB
116.216.0.60 18.2593MB
114.141.164.180 16.4225MB
114.111.166.22 16.3291MB
223.104.5.202 16.1289MB
116.228.21.187 15.2306MB
112.64.171.98 14.5587MB
2)ip地址的访问次数
[root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]}' access.log|column -t|sort -rnk2|head
58.220.223.62 12049
112.64.171.98 10856
114.83.184.139 1982
117.136.66.10 1662
115.29.245.13 1318
223.104.5.197 961
116.216.0.60 957
180.111.48.14 939
223.104.5.202 871
223.104.4.139 869
3)每个ip地址的访问次数与每个ip地址使用的流量总数
[root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]" "s[t]/1024^2"MB"}' access.log|column -t|sort -rnk2|head
58.220.223.62 12049 12.0192MB
112.64.171.98 10856 14.5483MB
114.83.184.139 1982 29.91MB
117.136.66.10 1662 21.3922MB
115.29.245.13 1318 1.10766MB
223.104.5.197 961 20.4705MB
116.216.0.60 957 18.2584MB
180.111.48.14 939 12.9787MB
223.104.5.202 871 16.1281MB
223.104.4.139 869 8.0237MB
[root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]" "s[t]/1024^2"MB"}' access.log|column -t|sort -rnk3|head
114.83.184.139 1982 29.91MB
117.136.66.10 1662 21.3922MB
116.216.30.47 506 20.4716MB
223.104.5.197 961 20.4705MB
116.216.0.60 957 18.2584MB
114.141.164.180 695 16.4218MB
114.111.166.22 753 16.3284MB
223.104.5.202 871 16.1281MB
116.228.21.187 596 15.2301MB
112.64.171.98 10856 14.5483MB
