BEGIN{} 模塊計算
END{} 模塊awk讀取文件之後執行,先計算,最後END{}顯示結果
i++ ==== i=i+1 計算次數
i+=$1 ==== i=i+$1 計算總和
2.awk進行過濾常用的條件或模式
例1:前邊$是以第幾列爲查找對象
#顯示出包含crond|sshd|network|rsyslog|sysstat顯示他們的第一列
[root@oldboyedu44-lnb scripts]#chkconfig |awk '$1~/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
[root@oldboyedu44-lnb scripts]#chkconfig |awk '/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
[root@oldboyedu44-lnb scripts]#chkconfig |awk '$0~/crond|sshd|network|rsyslog|sysstat/{print $1}'
crond
network
rsyslog
sshd
sysstat
例2:
搭建環境
mkdir -p /server/files/
cat >>/server/files/reg.txt<<EOF
Zhang Dandan 41117397 :250:100:175
Zhang Xiaoyu390320151 :155:90:201
Meng Feixue 80042789 :250:60:50
Wu Waiwai 70271111 :250:80:75
Liu Bingbing 41117483 :250:100:175
Wang Xiaoai 3515064655 :50:95:135
ZiGege1986787350 :250:168:200
Li Youjiu918391635 :175:75:300
Lao Nanhai918391635 :250:100:175
EOF
註釋
1)第一列是姓氏
2)第二列是名字
3)第一第二列合起來就是姓名
4)第三列是對應的ID號碼
5)最後三列是三次捐款數量
1)顯示Xiaoyu的姓氏和ID號碼
[root@oldboyedu44-lnb files]#awk '$2~/Xiaoyu/{print $1,$2,$3}' reg.txt
Zhang Xiaoyu 390320151
2)顯示所有以41開頭的ID號碼的人的全名和ID號碼
[root@oldboyedu44-lnb files]#awk '$3~/^41/{print $1,$2,$3}' reg.txt
Zhang Dandan 41117397
Liu Bingbing 41117483
3)顯示所有ID號碼最後一位數字是1或5的人的全名
[root@oldboyedu44-lnb files]#awk '$3~/[15]$/{print $1,$2}' reg.txt |column -t
Zhang Xiaoyu
Wu Waiwai
Wang Xiaoai
Li Youjiu
Lao Nanhai
4)顯示Xiaoyu的捐款.每個值時都有以$開頭.如$520$200$135
gsub(/找誰/,"替換成什麼",哪一列)
gsub(/找誰/,"替換成什麼")
gsub(/找誰/,"替換成什麼",$0)
[root@oldboyedu44-lnb files]#awk '{gsub(/:/,"$",$NF) ;print}' reg.txt |column -t
Zhang Dandan 41117397 $250$100$175
Zhang Xiaoyu 390320151 $155$90$201
Meng Feixue 80042789 $250$60$50
Wu Waiwai 70271111 $250$80$75
Liu Bingbing 41117483 $250$100$175
Wang Xiaoai3515064655 $50$95$135
ZiGege1986787350 $250$168$200
Li Youjiu 918391635 $175$75$300
Lao Nanhai 918391635 $250$100$175
[root@gjwfiles]#awk '$2~/Xiaoyu/{gsub(/:/,"$",$NF); print}' reg.txt |column -t
Zhang Xiaoyu 390320151 $155$90$201
5)顯示所有人的全名,以姓,名的格式顯示,如Meng,Feixue
[root@oldboyedu44-lnb files]#awk -vOFS=" oldboy " '{print $1,$2}' reg.txt
Zhang oldboyDandan
Zhang oldboyXiaoyu
Meng oldboyFeixue
Wu oldboyWaiwai
Liu oldboyBingbing
Wang oldboyXiaoai
ZioldboyGege
Li oldboyYoujiu
Lao oldboyNanhai
例3:
找出secure-20161219文件中密碼錯誤的用戶名和對應的ip地址
awk '/Failed password/{print $(NF-5),$(NF-3) }' secure-20161219 |head
[root@gjw~]#awk '/Failed password/{print $(NF-5),$(NF-3)}' secure-20161219|head|column -t
support 123.31.34.190
admin 123.31.34.190
uucp 123.31.34.190
business 221.126.233.134
business 221.126.233.134
business 221.126.233.134
ftp 110.45.145.222
ftp 110.45.145.222
ftp 110.45.145.222
root 112.85.42.103
例4:
統計密碼錯誤次數
awk '/Failed password/{i++;print i}' secure-20161219在線一直算(累死cpu)
[root@oldboyedu44-lnb files]#awk '/Failed password/{i++}END{print i}' secure-20161219
367490
例5:
root用戶密碼被破解的次數
[root@gjw~]#awk '/Failed password/{i++}END{print i}' secure-20161219
367490
加入if語句(判斷)指定用戶破解的次數
[root@gjw~]#awk '/Failed password/{if($(NF-5)=="root")i++}END{print i}' secure-20161219
364610
例6:
#access.log一共使用了多少流量以MB單位顯示
[root@gjw~]#awk '{i+=$10}END{print i/1024^2}' access.log
2363.68
2.2awk數組
例1:處理以下文件內容,將域名取出並根據域名進行計數排序處理
http://www.etiantian.org/index.html
http://www.etiantian.org/1.html
http://post.etiantian.org/index.html
http://mp3.etiantian.org/index.html
http://www.etiantian.org/3.html
http://post.etiantian.org/2.html
1)格式用法
[root@oldboyedu44-lnb files]#awk 'BEGIN{h[104]="lidao";h[105]="oldboy"; print h[104]}'
lidao
[root@oldboyedu44-lnb files]#awk 'BEGIN{h[104]="lidao";h[105]="oldboy"; print h[105]}'
oldboy
[root@gjw~]#awk 'BEGIN{h[w]="root";print h[w]}'
Root
2)計算www用法次數
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++;print h["www"]}' url.txt
1
2
2
2
3
3
3)計算每一個用戶次數
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{print h["www"],h["post"],h["mp3"]}' url.txt
3 2 1
4)顯示每一個用戶
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{for(p in h) print p}' url.txt
www
mp3
post
5)顯示用戶及次數
[root@oldboyedu44-lnb files]#awk -F "[/.]+" '{h[$2]++}END{for(p in h) print p,h[p]}' url.txt
www 3
mp3 1
post 2
例2:分析access.log中每個ip地址出現的次數
[root@gjw~]#awk '{h[$1]++}END{for(p in h) print p" "h[p]}' access.log|sort -rnk2|head|column -t
58.220.223.62 12049
112.64.171.98 10856
114.83.184.139 1982
117.136.66.10 1662
115.29.245.13 1318
223.104.5.197 961
116.216.0.60 957
180.111.48.14 939
223.104.5.202 871
223.104.4.139 869
[root@gjw~]#awk -vOFS="count=" '{h[$1]++}END{for(p in h) print p" ",h[p]}' access.log |column -t|head
101.226.125.115 count=284
180.154.137.177 count=516
101.226.125.116 count=127
110.75.248.79 count=1
101.226.125.118 count=437
101.226.125.119 count=569
180.158.118.17 count=347
117.12.191.55 count=106
140.206.89.150 count=130
14.152.68.38 count=162
例3:分析access.log中每個ip地址使用的流量總數
i=i+$10 === i+=$10
awk '{h[$1]+=$10}END{for(p in h) print p,h[p]/1024^2"MB"}' access.log |sort -rnk2|head |column -t
114.83.184.139 29.91MB
117.136.66.10 21.3922MB
116.216.30.47 20.4716MB
223.104.5.197 20.4705MB
116.216.0.60 18.2584MB
114.141.164.180 16.4218MB
114.111.166.22 16.3284MB
223.104.5.202 16.1281MB
116.228.21.187 15.2301MB
112.64.171.98 14.5483MB
例4:分析secure文件中每個用戶被破解的次數:
1)破解root用戶的次數
awk '/Failed password/{if($(NF-5)=="root")i++}END{print i}' secure-20161219
364610
例5:分析secure文件中每個ip地址破解你的次數
[root@gjw ~]# awk '/Failed password/{h[$(NF-3)]++}END{for(p in h) print p" "h[p]}' secure-20161219|sort -rnk2|column -t|head
218.65.30.25 68652
218.65.30.53 34326
218.87.109.154 21201
112.85.42.103 18065
112.85.42.99 17164
218.87.109.151 17163
218.87.109.150 17163
218.65.30.61 17163
218.65.30.126 17163
218.65.30.124 17163
例6:分析secure文件中每個用戶被每個ip破解的次數
[root@gjw ~]# awk '/Failed password/{h[$(NF-5)" "$(NF-3)]++}END{for(p in h) print p" "h[p]}' secure-20161219|sort -rnk3|column -t|head -20
root 218.65.30.25 68652
root 218.65.30.53 34326
root 218.87.109.154 21201
root 112.85.42.103 18065
root 112.85.42.99 17164
root 218.87.109.151 17163
root 218.87.109.150 17163
root 218.65.30.61 17163
root 218.65.30.126 17163
root 218.65.30.124 17163
root 218.65.30.123 17163
root 218.65.30.122 17163
root 182.100.67.120 17163
例7:分析access.log文件中每個ip地址的訪問次數與每個ip地址使用的流量總數:
1)ip地址使用的流量總數
[root@gjw ~]# awk '{h[$1]++;h[$1]+=$10}END{for(p in h) print p" "h[p]/1024^2"MB"}' access.log|column -t|sort -rnk2|head
114.83.184.139 29.9119MB
117.136.66.10 21.3937MB
116.216.30.47 20.4721MB
223.104.5.197 20.4714MB
116.216.0.60 18.2593MB
114.141.164.180 16.4225MB
114.111.166.22 16.3291MB
223.104.5.202 16.1289MB
116.228.21.187 15.2306MB
112.64.171.98 14.5587MB
2)ip地址的訪問次數
[root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]}' access.log|column -t|sort -rnk2|head
58.220.223.62 12049
112.64.171.98 10856
114.83.184.139 1982
117.136.66.10 1662
115.29.245.13 1318
223.104.5.197 961
116.216.0.60 957
180.111.48.14 939
223.104.5.202 871
223.104.4.139 869
3)每個ip地址的訪問次數與每個ip地址使用的流量總數
[root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]" "s[t]/1024^2"MB"}' access.log|column -t|sort -rnk2|head
58.220.223.62 12049 12.0192MB
112.64.171.98 10856 14.5483MB
114.83.184.139 1982 29.91MB
117.136.66.10 1662 21.3922MB
115.29.245.13 1318 1.10766MB
223.104.5.197 961 20.4705MB
116.216.0.60 957 18.2584MB
180.111.48.14 939 12.9787MB
223.104.5.202 871 16.1281MB
223.104.4.139 869 8.0237MB
[root@gjw ~]# awk '{h[$1]" "h[$1]++;s[$1]+=$10}END{for(t in h) print t" "h[t]" "s[t]/1024^2"MB"}' access.log|column -t|sort -rnk3|head
114.83.184.139 1982 29.91MB
117.136.66.10 1662 21.3922MB
116.216.30.47 506 20.4716MB
223.104.5.197 961 20.4705MB
116.216.0.60 957 18.2584MB
114.141.164.180 695 16.4218MB
114.111.166.22 753 16.3284MB
223.104.5.202 871 16.1281MB
116.228.21.187 596 15.2301MB
112.64.171.98 10856 14.5483MB