여기에서 찾은 비슷한 질문에 대한 추가 도움이 필요합니다.여러 행을 단일 행으로 변환
현재 SED 예시
(sed -e'y/)},={/(((((/' \
-e's/-\([^(I]*\)[^0-9]*\([0-9]*\)[( ]*/- \2 -\1/;=' |
paste -d- - - |
sort -t- -nk3,3 -nk1,1 |
sed -e's/^[^-]*-//;:n' -e'h;$!N' \
-e's/\(-\([^-]*-\).*[^ ]\) *\n\([^-]*-\)\{2\}\2/\1 - \3/;tn' \
-ex\;:t -e's/\(\([^-]*-\)[^/]*\) - *\2/\1,/;tt' -e'p;g;D' ) \
< in.txt > out.txt
여러 줄의 로그를 따르세요
6/13/2015 12:00:47 AM - { 562} START Web
6/13/2015 12:00:47 AM - Requested Web connection from 123.125.71.103[123.125.71.103], ID=562
6/13/2015 12:01:24 AM - { 563} START POP3
6/13/2015 12:01:24 AM - Requested POP3 connection from 10.127.251.37 [10.127.251.37], ID=563
6/13/2015 12:01:24 AM - ( 563) USER [email protected]
6/13/2015 12:01:24 AM - POP3 connection with 10.127.251.37 [10.127.251.37] ended. ID=563
6/13/2015 12:01:24 AM - { 563} END POP3
6/13/2015 12:01:24 AM - { 564} START POP3
6/13/2015 12:01:24 AM - Requested POP3 connection from 10.127.251.37 [10.127.251.37], ID=564
6/13/2015 12:01:24 AM - ( 564) USER [email protected]
6/13/2015 12:01:24 AM - POP3 connection with 10.127.251.37 [10.127.251.37] ended. ID=564
6/13/2015 12:01:24 AM - { 564} END POP3
6/13/2015 12:01:40 AM - Web connection with 123.125.71.103 [123.125.71.103] ended. ID=562
6/13/2015 12:01:40 AM - { 562} END Web
로 변환하다
6/13/2015 12:00:47 AM - 562 - START Web, Requested Web connection from 123.125.71.103 [123.125.71.103] - 6/13/2015 12:01:40 AM - Web connection with 123.125.71.103 [123.125.71.103] ended., END Web
6/13/2015 12:01:24 AM - 563 - START POP3, Requested POP3 connection from 10.127.251.37 [10.127.251.37], USER [email protected], POP3 connection with 10.127.251.37 [10.127.251.37] ended., END POP3
6/13/2015 12:01:24 AM - 564 - START POP3, Requested POP3 connection from 10.127.251.37 [10.127.251.37], USER [email protected], POP3 connection with 10.127.251.37 [10.127.251.37] ended., END POP3
대괄호 안에 다음 ID가 포함된 로그를 포함하도록 SED를 수정하고 싶습니다(예: [ 667]).
로그 예시
6/13/2015 2:15:09 AM - Starting delivery thread, ID=667
6/13/2015 2:15:09 AM - { 667} START Delivery
6/13/2015 2:15:09 AM - Active delivery threads (ID=667 start): 0
6/13/2015 2:15:09 AM - [ 667] Delivering to [email protected]
6/13/2015 2:15:09 AM - [ 667] Forwarding mail...
6/13/2015 2:15:09 AM - [ 667] Forwarding message to 1 address(es)
6/13/2015 2:15:09 AM - Delivery thread, ID=667, terminated after running for 0.031 seconds.
6/13/2015 2:15:09 AM - { 667} END Delivery
6/13/2015 2:15:09 AM - Active delivery threads (ID=667 end): 0
두 번째 질문은 ID가 없는 로그를 무시하는 방법입니다. 그다지 중요하지는 않지만 필터링하는 것이 좋습니다.
예를 들어:
6/13/2015 2:43:24 AM - Exended logging
6/13/2015 2:43:24 AM - Setting msgSizeLimit 15
미리 감사드립니다.
답변1
sed이는 여기에 나열된 모든 가능성을 처리하기 위해 수정해야 할 첫 번째 사항입니다 . 특히 단일 정규식에서 모든 가능성을 처리하는 대신 두 가지 다른 유형의 줄을 별도로 처리해야 합니다.ID-줄의 첫 번째 대시와 그 줄에 있는 다른 유형의 대시 바로 뒤에는 대시 표시가 있습니다.ID=다른 곳.
( sed -e= -e's/- [({[] *\([0-9]*\) *[])}]/- \1 -/;t' \
-e's/-\(.*[^, ]\)[, ]*ID=\([0-9]*\)[, ]\{0,1\}/- \2 -\1/' |
paste -d- - - |
sort -t- -nk3,3 -nk1,1 |
sed -e's/^[^-]*-//;:n' -e'h;$!N' \
-e's/\(-\([^-]*-\).*[^ ]\) *\n\([^-]*-\)\{2\}\2/\1 - \3/;tn' \
-ex\;:t -e's/\(\([^-]*-\)[^/]*\)- *\2/\1:::/;tt' -e'p;g;D'
) <in >out
이번이 두 번째이지만 -E확장된 정규식 구문을 사용하여 작성되었습니다. 이것은 적어도 BSD/GNU/AST에서는 작동합니다 sed:
( sed -Ee= -e's/- [({[] *([0-9]+) *[])}]/- \1 -/;t' \
-e's/-(.*[^, ])[, ]*ID=([0-9]+)[, ]?/- \2 -\1/' |
paste -d- - - |
sort -t- -nk3,3 -nk1,1 |
sed -Ee's/^[^-]*-//;:n' -e'h;$!N' \
-e's/(-([^-]+-).*[^ ]) *\n([^-]+-){2}\2/\1 - \3/;tn' \
-ex\;:t -e's/(([^-]+-)[^/]*)- *\2/\1:::/;tt' -e'p;g;D'
) <in >out
이제 모든 로그 데이터의 연결을 테스트했습니다.
6/13/2015 12:00:47 AM - { 562} START Web
6/13/2015 12:00:47 AM - Requested Web connection from 123.125.71.103[123.125.71.103], ID=562
6/13/2015 12:01:24 AM - { 563} START POP3
6/13/2015 12:01:24 AM - Requested POP3 connection from 10.127.251.37 [10.127.251.37], ID=563
6/13/2015 12:01:24 AM - ( 563) USER [email protected]
6/13/2015 12:01:24 AM - POP3 connection with 10.127.251.37 [10.127.251.37] ended. ID=563
6/13/2015 12:01:24 AM - { 563} END POP3
6/13/2015 12:01:24 AM - { 564} START POP3
6/13/2015 12:01:24 AM - Requested POP3 connection from 10.127.251.37 [10.127.251.37], ID=564
6/13/2015 12:01:24 AM - ( 564) USER [email protected]
6/13/2015 12:01:24 AM - POP3 connection with 10.127.251.37 [10.127.251.37] ended. ID=564
6/13/2015 12:01:24 AM - { 564} END POP3
6/13/2015 12:01:40 AM - Web connection with 123.125.71.103 [123.125.71.103] ended. ID=562
6/13/2015 12:01:40 AM - { 562} END Web
6/13/2015 2:15:09 AM - Starting delivery thread, ID=667
6/13/2015 2:15:09 AM - { 667} START Delivery
6/13/2015 2:15:09 AM - Active delivery threads (ID=667 start): 0
6/13/2015 2:15:09 AM - [ 667] Delivering to [email protected]
6/13/2015 2:15:09 AM - [ 667] Forwarding mail...
6/13/2015 2:15:09 AM - [ 667] Forwarding message to 1 address(es)
6/13/2015 2:15:09 AM - Delivery thread, ID=667, terminated after running for 0.031 seconds.
6/13/2015 2:15:09 AM - { 667} END Delivery
6/13/2015 2:15:09 AM - Active delivery threads (ID=667 end): 0
내 결과는 다음과 같습니다
6/13/2015 12:00:47 AM - 562 - START Web ::: Requested Web connection from 123.125.71.103[123.125.71.103] - 6/13/2015 12:01:40 AM - Web connection with 123.125.71.103 [123.125.71.103] ended. ::: END Web
6/13/2015 12:01:24 AM - 563 - START POP3 ::: Requested POP3 connection from 10.127.251.37 [10.127.251.37] ::: USER [email protected] ::: POP3 connection with 10.127.251.37 [10.127.251.37] ended. ::: END POP3
6/13/2015 12:01:24 AM - 564 - START POP3 ::: Requested POP3 connection from 10.127.251.37 [10.127.251.37] ::: USER [email protected] ::: POP3 connection with 10.127.251.37 [10.127.251.37] ended. ::: END POP3
6/13/2015 2:15:09 AM - 667 - Starting delivery thread ::: START Delivery ::: Active delivery threads (start): 0 ::: Delivering to [email protected] ::: Forwarding mail... ::: Forwarding message to 1 address(es) ::: Delivery thread terminated after running for 0.031 seconds. ::: END Delivery ::: Active delivery threads (end): 0