解析输出量很大的日志文件

Question 1

您可以启动以防止分叉“grep”进程每一个在日志中的行中，通过像这样重写代码：

tail -n0 -F /var/log/vsftpd.log | grep 'OK UPLOAD:' | while read line ; do
        #do a bunch of processing stuff - this takes some time
done

但我同意其他发帖者的观点，shell 并不适合处理繁重的文本/字符串。你应该考虑使用其他脚本引擎（至少是 awk，或者更好的是 perl 或 python）

Answer

您可以启动以防止分叉“grep”进程每一个在日志中的行中，通过像这样重写代码：

tail -n0 -F /var/log/vsftpd.log | grep 'OK UPLOAD:' | while read line ; do
        #do a bunch of processing stuff - this takes some time
done

但我同意其他发帖者的观点，shell 并不适合处理繁重的文本/字符串。你应该考虑使用其他脚本引擎（至少是 awk，或者更好的是 perl 或 python）

Question 2

如果您愿意放宽对 shell 脚本的限制，那么我在使用文件打开 '<' 选项的 Perl 方面拥有丰富的经验。

例如https://stackoverflow.com/questions/1425223/how-do-i-read-a-file-which-is-constantly-updating

Answer

如果您愿意放宽对 shell 脚本的限制，那么我在使用文件打开 '<' 选项的 Perl 方面拥有丰富的经验。

例如https://stackoverflow.com/questions/1425223/how-do-i-read-a-file-which-is-constantly-updating

Question 3

正如@epoon建议，Perl 可能是一个不错的选择：

#!/usr/bin/env perl

open(FH,'<',$ARGV[0]) || die("Could not open file $ARGV[0]\n");
for (;;) {
    while (<FH>) {
    if (/OK UPLOAD/) { ## this is where you do your processing. As an example, 
                       ## I am collecting the file's info
        /^(.+?)\s*\[pid\s*(\d+).+?\"([\d\.]+).+?\"(.+?)\".+?(\d+).+?\s([^\s]+)/;
        my ($date,$pid,$client,$filename,$size,$rate) = ($1,$2,$3,$4,$5,$6);
        print "On $date, process $pid uploaded file \"$filename\" of $size bytes from $client at $rate\n"

    }
    }
    # eof reached on FH, but wait a second and maybe there will be more output
    sleep 1;
    seek FH, 0, 1;      # this clears the eof flag on FH
}

运行此脚本/var/log/vsftpd.log应该给出类似的输出

On Sat Apr 20 16:30:05 CEST 2013, process 25409 uploaded file "/20130407/09/20130407_090842D.avi" of 531792 bytes from 206.132.183.201 at 426.14Kbyte/sec

如果您具体说明想要用日志信息做什么，我会很乐意更新此信息。

Answer

正如@epoon建议，Perl 可能是一个不错的选择：

#!/usr/bin/env perl

open(FH,'<',$ARGV[0]) || die("Could not open file $ARGV[0]\n");
for (;;) {
    while (<FH>) {
    if (/OK UPLOAD/) { ## this is where you do your processing. As an example, 
                       ## I am collecting the file's info
        /^(.+?)\s*\[pid\s*(\d+).+?\"([\d\.]+).+?\"(.+?)\".+?(\d+).+?\s([^\s]+)/;
        my ($date,$pid,$client,$filename,$size,$rate) = ($1,$2,$3,$4,$5,$6);
        print "On $date, process $pid uploaded file \"$filename\" of $size bytes from $client at $rate\n"

    }
    }
    # eof reached on FH, but wait a second and maybe there will be more output
    sleep 1;
    seek FH, 0, 1;      # this clears the eof flag on FH
}

运行此脚本/var/log/vsftpd.log应该给出类似的输出

On Sat Apr 20 16:30:05 CEST 2013, process 25409 uploaded file "/20130407/09/20130407_090842D.avi" of 531792 bytes from 206.132.183.201 at 426.14Kbyte/sec

如果您具体说明想要用日志信息做什么，我会很乐意更新此信息。

Question 4

您是否尝试过使用该--line-buffered选项grep？

tail -f /var/log/vsftpd.log | grep --line-buffered 'OK UPLOAD:' | while read line ; do
        #do a bunch of processing stuff - this takes some time
done

Answer

您是否尝试过使用该--line-buffered选项grep？

tail -f /var/log/vsftpd.log | grep --line-buffered 'OK UPLOAD:' | while read line ; do
        #do a bunch of processing stuff - this takes some time
done

解析输出量很大的日志文件

答案1

答案2

答案3

答案4

相关内容