我想分隔 3 列,第一列包含单个数字 4、5 或 6。第二列包含 ID,第三列包含描述。
输入示例:
%ASA-4-105505: (Primary|Secondary) Failed to connect to peer unit peer-ip:port
%ASA-4-105524: (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
%ASA-4-105553: (Primary|Secondary) Detected another Active HA unit
%ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
%ASA-4-106027: Deny src [source address] dst [destination address] by access-group “access-list name”.
%ASA-4-106103: access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
%ASA-4-108004: action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max)
%ASA-4-109022: exceeded HTTPS proxy process limit
%ASA-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
%ASA-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
预期输出:
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
我能够提取第二列和第三列,cat rawSyslog.txt | awk -F '[-:]' '{print $2 "\t" $3}'但最后一列有很多特殊字符,这些字符会扰乱输出字段。如何提取最后一列?
答案1
使用 GNU awk 来gensub():
$ awk -F'[:-]' -v OFS='\t' '{print $2, $3, gensub(/[^ ]* /,"",1)}' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
或使用任何 awk:
$ awk -F'[:-]' -v OFS='\t' '{x=$0; sub(/[^ ]* /,"",x); print $2, $3, x}' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
答案2
Perl 方法:
$ perl -lne 'print join "\t",$1,$2,$3 if /-(\d)-(\d+):\s+(.*)/' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
答案3
使用乐(以前称为 Perl_6)
raku -ne 'put ($0,$1,$2).join("\t") if / \- (<[456]>) \- (\d+) \: \s+ (.*) /;'
或者
raku -ne '.split(/<[:-]>/, 4).skip.join("\t").put;'
第一个答案通常遵循 @terdon 的 Perl5 代码,而第二个答案通常遵循 @glenn_jackman 的 Perl5 代码。
Raku 中的注释:
Raku 捕获从 开始
$0,当转义正则表达式中的字符时,Raku 不会让你猜测:如果不是,
<alnum>则需要转义,枚举字符类在 Raku 中创建为
<[...]>,前导
.(如.split)是 的缩写$_.,表示函数调用适用于$_主题变量。
输入示例:
%ASA-4-105505: (Primary|Secondary) Failed to connect to peer unit peer-ip:port
%ASA-4-105524: (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
%ASA-4-105553: (Primary|Secondary) Detected another Active HA unit
%ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
%ASA-4-106027: Deny src [source address] dst [destination address] by access-group “access-list name”.
%ASA-4-106103: access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
%ASA-4-108004: action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max)
%ASA-4-109022: exceeded HTTPS proxy process limit
%ASA-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
%ASA-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
示例输出:
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.
答案4
您可以使用sed:
$ sed 's/^.\{5\}\([[:digit:]]\+\)-\([[:digit:]]\+\):[[:blank:]]*\(.*\)$/\1\t\2\t\3/' file
4 105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4 105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4 105553 (Primary|Secondary) Detected another Active HA unit
4 106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4 106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4 106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4 108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4 109017 User at IP_address exceeded auth proxy connection limit (max)
4 109022 exceeded HTTPS proxy process limit
4 109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4 109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4 109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.