我想提取域名(主机名),连接超时,延迟时间前 5 名。
输入文件
Mar 19 21:44:00 ip-172-2-0-53 sendmail[30686]: v2K4g0Dm030684: to=<[email protected]>, delay=00:02:12, xdelay=00:02:00, mailer=esmtp, pri=120847, relay=webmail.jehdns.com. [192.168.1.1], dsn=4.0.0, stat=Deferred: Connection timed out with webmail.jehdns.com.
Mar 19 20:35:00 ip-172-2-0-54 sendmail[30683]: v2K4g0Dm030684: to=<[email protected]>, delay=00:02:00, xdelay=00:02:00, mailer=esmtp, pri=120847, relay=webmail.jehdns.com. [192.168.1.1], dsn=4.0.0, stat=Deferred: Connection timed out with webmail.karna.com.
Mar 21 23:15:20 ip-172-2-0-53 sendmail[7742]: v2M6FKZm007741: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31116, dsn=2.0.0, stat=Sent
预期输出:
Mar 19 21 delay=00:02:12 - webmail.jehdns.com.
Mar 20 13 delay=00:02:00 - webmail.karna.com.
答案1
sed -n '/timed out/{s/^\([^:]*\):.*xdelay=\([^,]*\),.*with \(.*\)$/\1 delay=\2 - \3/;p;}'
答案2
perl -F: -lane '
($i) = grep { $F[$_] =~ /delay=/ } 0 .. $#F;
$d = join ":", join($\, @F[$i..$i+2]) =~ /\hdelay=\K\d+|\n\K\d+/g;
print "$d:$F[0]", " delay=$d", " - ", /\S+$/g if $F[-1] =~ /timed out/;
' input_file |
sort -t: -nr -k1,1 -k2,2 -k3,3 | cut -d: -f4-
输出
Mar 19 21 delay=00:02:12 - webmail.jehdns.com.
Mar 19 20 delay=00:02:00 - webmail.karna.com.