我有一个 bash 命令(在 macOS High Sierra 上):
sudo cat /private/var/log/system.log*| awk 'BEGIN {print "\n"} {print "Month\tDay\tTime\t\tSystemMessage"} /SHUTDOWN_TIME/{print $1,$2,$3,$8}'|sort -M|uniq|column -t
输出:
Month Day Time SystemMessage
Mar 30 02:50:56 SHUTDOWN_TIME:
Mar 30 13:13:28 SHUTDOWN_TIME:
Apr 1 17:27:48 SHUTDOWN_TIME:
Apr 1 23:59:37 SHUTDOWN_TIME:
Apr 10 17:08:10 SHUTDOWN_TIME:
Apr 10 22:59:13 SHUTDOWN_TIME:
Apr 11 19:13:43 SHUTDOWN_TIME:
Apr 2 16:33:50 SHUTDOWN_TIME:
Apr 3 00:13:58 SHUTDOWN_TIME:
Apr 3 16:54:22 SHUTDOWN_TIME:
Apr 3 23:36:55 SHUTDOWN_TIME:
Apr 4 17:00:40 SHUTDOWN_TIME:
Apr 5 17:00:50 SHUTDOWN_TIME:
Apr 8 17:41:18 SHUTDOWN_TIME:
Apr 8 23:41:05 SHUTDOWN_TIME:
Apr 9 17:19:33 SHUTDOWN_TIME:
Apr 9 23:23:18 SHUTDOWN_TIME:
虽然我有另一个 bash 命令设置为:
sudo cat /private/var/log/system.log*| awk 'BEGIN {print "\n"} {print "Month\tDay\tTime\t\tSystemMessage"} /BOOT_TIME/{print $1,$2,$3,$6}'|sort -M|uniq|column -t
输出:
Month Day Time SystemMessage
Mar 30 12:37:12 BOOT_TIME
Apr 1 10:09:12 BOOT_TIME
Apr 1 21:45:41 BOOT_TIME
Apr 10 09:38:12 BOOT_TIME
Apr 10 19:53:06 BOOT_TIME
Apr 11 12:02:02 BOOT_TIME
Apr 12 09:33:21 BOOT_TIME
Apr 2 10:19:19 BOOT_TIME
Apr 2 22:54:34 BOOT_TIME
Apr 3 09:56:02 BOOT_TIME
Apr 3 21:09:25 BOOT_TIME
Apr 4 10:00:42 BOOT_TIME
Apr 5 10:09:17 BOOT_TIME
Apr 8 09:47:02 BOOT_TIME
Apr 8 21:21:34 BOOT_TIME
Apr 9 09:34:50 BOOT_TIME
Apr 9 21:16:49 BOOT_TIME
结合这两个命令来生成如下输出的最佳方法是什么:
Month Day Time SystemMessage
Mar 30 12:37:12 BOOT_TIME
Mar 30 02:50:56 SHUTDOWN_TIME
第一个命令的输出在每行末尾都有一个“:”,如何从输出中删除它们?
答案1
您可能会执行类似以下操作来组合它们(未经测试,因为我无权访问 macOS High Sierra 系统上的日志,并且日志消息在我的 Mojave 系统上根本不匹配):
cat /private/var/log/system.log | awk '
BEGIN { OFS="\t"; print "Month", "Day", "Time", "Message" }
/SHUTDOWN_TIME/ { sub(":$","",$8); print $1, $2, $3, $8 }
/BOOT_TIME/ { print $1, $2, $3, $6 }'
删除第 8 个字段的sub()尾随字段:(如果存在)。
请注意,我只打印一次标题,而您每行打印一次。排序也是不必要的,因为日志文件可能已经按时间排序。
在我的 macOS Mojave 系统上,其他system.log*文件都是压缩的,这意味着您无法cat将其内容发送到awk.你会用zcat在这些上。作为系统上的管理员用户,我也不必用来sudo读取日志。
答案2
将输出保存在 2 个文件中,并使用以下命令来实现上述结果
cat file1 file2|sed '/Month/d'| sed "s/:$//g"| sed '1i Month Day Time SystemMessage'
Month Day Time SystemMessage
Mar 30 02:50:56 SHUTDOWN_TIME
Mar 30 13:13:28 SHUTDOWN_TIME
Apr 1 17:27:48 SHUTDOWN_TIME
Apr 1 23:59:37 SHUTDOWN_TIME
Apr 10 17:08:10 SHUTDOWN_TIME
Apr 10 22:59:13 SHUTDOWN_TIME
Apr 11 19:13:43 SHUTDOWN_TIME
Apr 2 16:33:50 SHUTDOWN_TIME
Apr 3 00:13:58 SHUTDOWN_TIME
Apr 3 16:54:22 SHUTDOWN_TIME
Apr 3 23:36:55 SHUTDOWN_TIME
Apr 4 17:00:40 SHUTDOWN_TIME
Apr 5 17:00:50 SHUTDOWN_TIME
Apr 8 17:41:18 SHUTDOWN_TIME
Apr 8 23:41:05 SHUTDOWN_TIME
Apr 9 17:19:33 SHUTDOWN_TIME
Apr 9 23:23:18 SHUTDOWN_TIME
Mar 30 12:37:12 BOOT_TIME
Apr 1 10:09:12 BOOT_TIME
Apr 1 21:45:41 BOOT_TIME
Apr 10 09:38:12 BOOT_TIME
Apr 10 19:53:06 BOOT_TIME
Apr 11 12:02:02 BOOT_TIME
Apr 12 09:33:21 BOOT_TIME
Apr 2 10:19:19 BOOT_TIME
Apr 2 22:54:34 BOOT_TIME
Apr 3 09:56:02 BOOT_TIME
Apr 3 21:09:25 BOOT_TIME
Apr 4 10:00:42 BOOT_TIME
Apr 5 10:09:17 BOOT_TIME
Apr 8 09:47:02 BOOT_TIME
Apr 8 21:21:34 BOOT_TIME
Apr 9 09:34:50 BOOT_TIME
Apr 9 21:16:49 BOOT_TIME