我运行这个脚本作为量子build议我
#!/bin/bash EDATE=$(tail -1 a | awk '{ print substr($4, 2, length($4)) }') EEPOCH=$(date -d "$(echo "$EDATE" | awk 'BEGIN { FS = "[/:]"; } \ { print $1" "$2" "$3" "$4":"$5":"$6 }')" +%s) time=$(expr 60 \* 60 \* 24 \* 5) SEPOCH=$(expr $EEPOCH - $time) while read line do DATE=$(echo $line | awk '{ print substr($4, 2, length($4)-1) }' | \ awk 'BEGIN { FS = "[/:]"; } { print $1" "$2" "$3" "$4":"$5":"$6 }') DEPOCH=$(date -d "$DATE" +%s) [[ $DEPOCH -ge $SEPOCH && $DEPOCH -le $EEPOCH ]] && echo $line | \ awk '{ print substr($4, 2, length($4)) }' >> as1 done < a 我查了一下,看来你的脚本想逐行检查日志文件。 由于它有超过14000个项目,它需要很多。 所以当我运行它时,光标会移到下一行和下一行,我应该按下它14000次,以便检查整个日志文件! 不可能! 它只是用于短日志文件,我认为。 是因为这个问题吗?
这一个class轮(我已经分开为清晰)应该给你同样的结果。 您可以select将> as1添加到最后以将输出redirect到文件。 将path放到我放置<logfile>的apache日志文件中
for d in \ $(sed -nre 's/.*\[(..)\/(...)\/(....):(..:..:..) .*/\1 \2 \3 \4/p' <logfile> | date +%s -f-); do echo $[ $d - 86400 * 5]; done
date命令不需要明确指定-d参数的UTC格式的date,虽然它不能理解date,因为apache日志输出它们,所以我做了一些replace来交换斜杠和冒号分隔date和时间与空间。
在这里给你:
#!/bin/bash EDATE=$(tail -1 aa.log | awk '{ print substr($4, 2, length($4)) }') EEPOCH=$(date -d "$(echo "$EDATE" | awk 'BEGIN { FS = "[/:]"; } \ { print $1" "$2" "$3" "$4":"$5":"$6 }')" +%s) time=$(expr 60 \* 60 \* 24 \* 5) SEPOCH=$(expr $EEPOCH - $time) while read line do DATE=$(echo $line | awk '{ print substr($4, 2, length($4)-1) }' | \ awk 'BEGIN { FS = "[/:]"; } { print $1" "$2" "$3" "$4":"$5":"$6 }') DEPOCH=$(date -d "$DATE" +%s) [[ $DEPOCH -ge $SEPOCH && $DEPOCH -le $EEPOCH ]] && echo $line | \ awk '{ print substr($4, 2, length($4)) }' >> as1 done < aa.log
UPDATE
input:
213.46.27.204 - - [21/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [22/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [23/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [24/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [25/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [26/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [27/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [28/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [29/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [30/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" "" 213.46.27.204 - - [01/Jan/2003:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
输出:
$ ./five_last_days.sh 27/Dec/2002:12:55:21 28/Dec/2002:12:55:21 29/Dec/2002:12:55:21 30/Dec/2002:12:55:21 01/Jan/2003:12:55:21