![在这样的日志中: 21-03-2020 07:09 [LOG] ralex /home/ralei/secret ACCESS_WRITE_OK 如何查看路径和日志中的用户是否相同?](https://linux22.com/image/1016959/%E5%9C%A8%E8%BF%99%E6%A0%B7%E7%9A%84%E6%97%A5%E5%BF%97%E4%B8%AD%EF%BC%9A%2021-03-2020%2007%3A09%20%5BLOG%5D%20ralex%20%2Fhome%2Fralei%2Fsecret%20ACCESS_WRITE_OK%20%E5%A6%82%E4%BD%95%E6%9F%A5%E7%9C%8B%E8%B7%AF%E5%BE%84%E5%92%8C%E6%97%A5%E5%BF%97%E4%B8%AD%E7%9A%84%E7%94%A8%E6%88%B7%E6%98%AF%E5%90%A6%E7%9B%B8%E5%90%8C%EF%BC%9F.png)
所以我有一堆像这样的日志文件:
20-03-2020 10:01 [LOG] davis /home/davis/fis1 ACCESS_WRITE_OK
20-03-2020 11:11 [LOG] davis /home/davis/Pictures/cat.png ACCESS_READ_OK
20-03-2020 12:22 [LOG] root /home/davis/hello ACCESS_READ_OK
20-03-2020 21:10 [ERROR] davis /root/secret.txt ACCESS_READ_DENY
20-03-2020 23:11 [LOG] davis /home/davis/secret ACCESS_READ_OK
20-03-2020 23:22 [ERROR] ralex /home/davis/secret ACCESS_WRITE_DENY
21-03-2020 06:00 [LOG] root /bin/bash ACCESS_READ_OK
21-03-2020 07:09 [LOG] ralex /home/ralex/secret ACCESS_WRITE_OK
21-03-2020 08:22 [ERROR] ralex /dev/sda1 ACCESS_READ_DENY
21-03-2020 14:12 [LOG] root /home/davis/.hidden/secret_root ACCESS_WRITE_OK
22-03-2020 07:09 [LOG] root /dev/sda ACCESS_READ_OK
我只需要提取路径和用户名列中用户名相同的日志。之后我需要用 ~ 替换绝对路径,我的日志文件应该如下所示:
20-03-2020 10:01 [LOG] davis ~/fis1 ACCESS_WRITE_OK
20-03-2020 11:11 [LOG] davis ~/Pictures/cat.png ACCESS_READ_OK
20-03-2020 12:22 [LOG] root /home/davis/hello ACCESS_READ_OK
20-03-2020 21:10 [ERROR] davis /root/secret.txt ACCESS_READ_DENY
20-03-2020 23:11 [LOG] davis ~/secret ACCESS_READ_OK
20-03-2020 23:22 [ERROR] ralex /home/davis/secret ACCESS_WRITE_DENY
21-03-2020 06:00 [LOG] root /bin/bash ACCESS_READ_OK
21-03-2020 07:09 [LOG] ralex ~/secret ACCESS_WRITE_OK
21-03-2020 08:22 [ERROR] ralex /dev/sda1 ACCESS_READ_DENY
21-03-2020 14:12 [LOG] root /home/davis/.hidden/secret_root ACCESS_WRITE_OK
22-03-2020 07:09 [LOG] root /dev/sda ACCESS_READ_OK
你能帮我解决这个问题吗?谢谢!:)
答案1
sed "s/\<\([a-z]\{1,\}\)\>.*\<\1\>/\1 ~/g" FILENAME
这就是我需要的代码。它搜索用户名出现两次的行,并用第一组(用户名)和 /home/username/ 路径的 ~ 替换匹配的单词。不确定这是否是最好的方法,但 id 可以完成这项工作 :))