在这样的日志中: 21-03-2020 07:09 [LOG] ralex /home/ralei/secret ACCESS_WRITE_OK 如何查看路径和日志中的用户是否相同?

在这样的日志中: 21-03-2020 07:09 [LOG] ralex /home/ralei/secret ACCESS_WRITE_OK 如何查看路径和日志中的用户是否相同?

所以我有一堆像这样的日志文件:

20-03-2020 10:01 [LOG] davis /home/davis/fis1 ACCESS_WRITE_OK
20-03-2020 11:11 [LOG] davis /home/davis/Pictures/cat.png ACCESS_READ_OK
20-03-2020 12:22 [LOG] root /home/davis/hello ACCESS_READ_OK
20-03-2020 21:10 [ERROR] davis /root/secret.txt ACCESS_READ_DENY
20-03-2020 23:11 [LOG] davis /home/davis/secret ACCESS_READ_OK
20-03-2020 23:22 [ERROR] ralex /home/davis/secret ACCESS_WRITE_DENY
21-03-2020 06:00 [LOG] root /bin/bash ACCESS_READ_OK
21-03-2020 07:09 [LOG] ralex /home/ralex/secret ACCESS_WRITE_OK
21-03-2020 08:22 [ERROR] ralex /dev/sda1 ACCESS_READ_DENY
21-03-2020 14:12 [LOG] root /home/davis/.hidden/secret_root ACCESS_WRITE_OK
22-03-2020 07:09 [LOG] root /dev/sda ACCESS_READ_OK

我只需要提取路径和用户名列中用户名相同的日志。之后我需要用 ~ 替换绝对路径,我的日志文件应该如下所示:

20-03-2020 10:01 [LOG] davis ~/fis1 ACCESS_WRITE_OK
20-03-2020 11:11 [LOG] davis ~/Pictures/cat.png ACCESS_READ_OK
20-03-2020 12:22 [LOG] root /home/davis/hello ACCESS_READ_OK
20-03-2020 21:10 [ERROR] davis /root/secret.txt ACCESS_READ_DENY
20-03-2020 23:11 [LOG] davis ~/secret ACCESS_READ_OK
20-03-2020 23:22 [ERROR] ralex /home/davis/secret ACCESS_WRITE_DENY
21-03-2020 06:00 [LOG] root /bin/bash ACCESS_READ_OK
21-03-2020 07:09 [LOG] ralex ~/secret ACCESS_WRITE_OK
21-03-2020 08:22 [ERROR] ralex /dev/sda1 ACCESS_READ_DENY
21-03-2020 14:12 [LOG] root /home/davis/.hidden/secret_root ACCESS_WRITE_OK
22-03-2020 07:09 [LOG] root /dev/sda ACCESS_READ_OK

你能帮我解决这个问题吗?谢谢!:)

答案1


sed "s/\<\([a-z]\{1,\}\)\>.*\<\1\>/\1 ~/g" FILENAME

这就是我需要的代码。它搜索用户名出现两次的行,并用第一组(用户名)和 /home/username/ 路径的 ~ 替换匹配的单词。不确定这是否是最好的方法,但 id 可以完成这项工作 :))

相关内容