log show 命令输出操作

tag-icon tag-icon bash awk sed osx xargs
log show 命令输出操作

以下是在 macOS high Sierra 上执行的命令。

**`Command`**

 log show --info --predicate 'process="jamf" and eventMessage contains "Informing the JSS about login for user"' --start 2019-04-25|awk '{printf "%s %s %s %s %s %s %s %s %s %s %s %s %s \n", $1,$2,$4,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18}'|sed '1d'|column -t -s " "|grep -v "Informing  the  JSS  about  login  for  user  root"

Output:

 log: warning: ./system_logs.logarchive present but reading from system log store.

2019-04-25  09:49:26.843101+0530  Default  jamf:  [com.jamf.management.binary:all]  Informing  the  JSS  about  login  for  user  swastibhushandeb
2019-04-25  20:14:47.928848+0530  Default  jamf:  [com.jamf.management.binary:all]  Informing  the  JSS  about  login  for  user  swastibhushandeb

Desired Output:

2019-04-25  09:49:26.843101+0530  Default  jamf:  [com.jamf.management.binary:all]  Local Login for user  swastibhushandeb 
2019-04-25  20:14:47.928848+0530  Default  jamf:  [com.jamf.management.binary:all]  Local Login for user  swastibhushandeb

据我所知,Informing the JSS about login for user swastibhushandeb可以使用以下命令来替换“”sed 's/Informing the JSS about login for user swastibhushandeb/Local Login for user swastibhushandeb/'

  1. 但由于不同场景下用户名可能不同,如何"Informing the JSS about login for user swastibhushandeb"选择并替换包含用户名的特定字段呢?
  2. 如何使用将列标题插入到输出中awk begin

欢迎提出改进的建议/示例代码。

答案1

你的第一个问题的答案是:

sed 's/Informing  the  JSS  about  login  for  user/Local Login for user'

您建议正确的命令,但不需要替换username,替换其他单词。

对于第二个问题,你应该提供更多细节。

答案2

请通过以下命令管道输出

我删除了警告行 log: warning: 并添加了您提到的标题 所有内容均由 awk 完成,并具有正确的空间格式

命令

awk 'BEGIN{print "Date Time Type bundle Logininformation"}NR >1{gsub("Informing\t  the  JSS  about","Local",$0);print $0}' k.txt|sed '/^$/d'| awk '{printf "%30s%30s%30s%30s%30s\n",$1,$2,$3,$4,$5}'| awk '$0 !~/^$/{print $0}'

输出

awk 'BEGIN{print "Date Time Type bundle Logininformation"}NR >1{gsub("Informing\t  the  JSS  about","Local",$0);print $0}' k.txt|sed '/^$/d'| awk '{printf "%30s%30s%30s%30s%30s\n",$1,$2,$3,$4,$5}'| awk '$0 !~/^$/{print $0}'
                          Date                          Time                          Type                        bundle              Logininformation
                    2019-04-25          09:49:26.843101+0530                       Default                         jamf:[com.jamf.management.binary:all]
                    2019-04-25          20:14:47.928848+0530                       Default                         jamf:[com.jamf.management.binary:all]

相关内容