您好,我有以下日志文件示例:
Mon, 22 Mar 2020 13:15:39 +0200|185.34.66.225|user_1| - |user logged in| -
Mon, 22 Mar 2020 13:15:39 +0200|185.34.66.225|user_1| - |user changed password| -
Mon, 22 Mar 2020 13:15:39 +0200|185.34.66.225|user_1| - |user logged off| -
Mon, 22 Mar 2020 13:15:42 +0200|185.34.66.225|user_2| - |user logged in| -
Mon, 22 Mar 2020 13:15:40 +0200|185.34.66.215|user_3| - |user logged in| -
Mon, 22 Mar 2020 13:15:49 +0200|185.34.66.215|user_3| - |user changed password| -
Mon, 22 Mar 2020 13:15:49 +0200|185.34.66.215|user_3| - |user logged off| -
Mon, 22 Mar 2020 13:15:59 +0200|185.34.66.205|user_4| - |user logged in| -
Mon, 22 Mar 2020 13:15:59 +0200|185.34.66.205|user_4| - |user logged in| -
Mon, 22 Mar 2020 13:15:59 +0200|185.34.66.205|user_4| - |user changed password| -
Mon, 22 Mar 2020 13:15:59 +0200|185.34.66.205|user_4| - |user logged off| -
Mon, 22 Mar 2020 13:17:50 +0200|185.34.66.205|user_5| - |user logged in| -
Mon, 22 Mar 2020 13:17:50 +0200|185.34.66.205|user_5| - |user changed password| -
Mon, 22 Mar 2020 13:17:50 +0200|185.34.66.205|user_5| - |user changed profile| -
Mon, 22 Mar 2020 13:17:50 +0200|185.34.66.205|user_5| - |user logged off| -
Mon, 22 Mar 2020 15:19:19 +0200|178.56.66.225|user_6| - |user logged in| -
Mon, 22 Mar 2020 15:19:19 +0200|178.56.66.225|user_6| - |user changed password| -
Mon, 22 Mar 2020 15:19:19 +0200|178.56.66.225|user_6| - |user logged off| -
Mon, 22 Mar 2020 13:20:42 +0200|185.34.67.225|user_7| - |user logged in| -
我想要一个 bash 命令或脚本来检查并打印每个用户“登录然后更改密码然后注销”而不执行任何其他操作并且在同一秒内因此输出应为:
user_1
user_4
user_6
任何帮助,将不胜感激
更新:最后我想出了如何做到这一点,但我需要帮助如何使其更短,并且不要花太多时间处理巨大的日志文件:
cat /path/to/file | awk '{split($0,a,"|"); print a[3],a[1],a[5]}' | awk '{ print $6,$1,$8,$9,$10 }' | grep -A 1 -B 1 "user changed password" | awk 'seen[$1]++ ==2' | grep "user logged off" | awk '{ print $2}'