同一行的不同 awk 分隔符

同一行的不同 awk 分隔符

我想分隔 3 列,第一列包含单个数字 4、5 或 6。第二列包含 ID,第三列包含描述。

输入示例:

%ASA-4-105505: (Primary|Secondary) Failed to connect to peer unit peer-ip:port    
%ASA-4-105524: (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit    
%ASA-4-105553: (Primary|Secondary) Detected another Active HA unit    
%ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
%ASA-4-106027: Deny src [source address] dst [destination address] by access-group “access-list name”.
%ASA-4-106103: access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
%ASA-4-108004: action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max)
%ASA-4-109022: exceeded HTTPS proxy process limit
%ASA-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
%ASA-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

预期输出:

4   105505 (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4   105524 (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4   105553 (Primary|Secondary) Detected another Active HA unit
4   106023 Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4   106027 Deny src [source address] dst [destination address] by access-group “access-list name”.
4   106103 access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4   108004 action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4   109017 User at IP_address exceeded auth proxy connection limit (max)
4   109022 exceeded HTTPS proxy process limit
4   109027 [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4   109028 aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4   109030 Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

我能够提取第二列和第三列,cat rawSyslog.txt | awk -F '[-:]' '{print $2 "\t" $3}'但最后一列有很多特殊字符,这些字符会扰乱输出字段。如何提取最后一列?

答案1

使用 GNU awk 来gensub()

$ awk -F'[:-]' -v OFS='\t' '{print $2, $3, gensub(/[^ ]* /,"",1)}' file
4       105505  (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4       105524  (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4       105553  (Primary|Secondary) Detected another Active HA unit
4       106023  Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4       106027  Deny src [source address] dst [destination address] by access-group “access-list name”.
4       106103  access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4       108004  action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4       109017  User at IP_address exceeded auth proxy connection limit (max)
4       109022  exceeded HTTPS proxy process limit
4       109027  [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4       109028  aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4       109030  Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

或使用任何 awk:

$ awk -F'[:-]' -v OFS='\t' '{x=$0; sub(/[^ ]* /,"",x); print $2, $3, x}' file
4       105505  (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4       105524  (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4       105553  (Primary|Secondary) Detected another Active HA unit
4       106023  Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4       106027  Deny src [source address] dst [destination address] by access-group “access-list name”.
4       106103  access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4       108004  action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4       109017  User at IP_address exceeded auth proxy connection limit (max)
4       109022  exceeded HTTPS proxy process limit
4       109027  [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4       109028  aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4       109030  Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

答案2

Perl 方法:

$ perl -lne 'print join "\t",$1,$2,$3 if /-(\d)-(\d+):\s+(.*)/' file 
4   105505  (Primary|Secondary) Failed to connect to peer unit peer-ip:port    
4   105524  (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit    
4   105553  (Primary|Secondary) Detected another Active HA unit    
4   106023  Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4   106027  Deny src [source address] dst [destination address] by access-group “access-list name”.
4   106103  access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4   108004  action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4   109017  User at IP_address exceeded auth proxy connection limit (max)
4   109022  exceeded HTTPS proxy process limit
4   109027  [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4   109028  aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4   109030  Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

答案3

使用(以前称为 Perl_6)

raku -ne 'put ($0,$1,$2).join("\t") if / \- (<[456]>) \- (\d+) \: \s+ (.*) /;'  

或者

raku -ne '.split(/<[:-]>/, 4).skip.join("\t").put;'  

第一个答案通常遵循 @terdon 的 Perl5 代码,而第二个答案通常遵循 @glenn_jackman 的 Perl5 代码。

Raku 中的注释:

  1. Raku 捕获从 开始$0

  2. 当转义正则表达式中的字符时,Raku 不会让你猜测:如果不是,<alnum>则需要转义,

  3. 枚举字符类在 Raku 中创建为<[... ]>

  4. 前导.(如.split)是 的缩写$_.,表示函数调用适用于$_主题变量。

输入示例:

%ASA-4-105505: (Primary|Secondary) Failed to connect to peer unit peer-ip:port    
%ASA-4-105524: (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit    
%ASA-4-105553: (Primary|Secondary) Detected another Active HA unit    
%ASA-4-106023: Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
%ASA-4-106027: Deny src [source address] dst [destination address] by access-group “access-list name”.
%ASA-4-106103: access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
%ASA-4-108004: action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
%ASA-4-109017: User at IP_address exceeded auth proxy connection limit (max)
%ASA-4-109022: exceeded HTTPS proxy process limit
%ASA-4-109027: [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
%ASA-4-109028: aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
%ASA-4-109030: Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

示例输出:

4   105505   (Primary|Secondary) Failed to connect to peer unit peer-ip:port    
4   105524   (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit    
4   105553   (Primary|Secondary) Detected another Active HA unit    
4   106023   Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4   106027   Deny src [source address] dst [destination address] by access-group “access-list name”.
4   106103   access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4   108004   action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4   109017   User at IP_address exceeded auth proxy connection limit (max)
4   109022   exceeded HTTPS proxy process limit
4   109027   [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4   109028   aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4   109030   Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

https://raku.org

答案4

您可以使用sed

$ sed 's/^.\{5\}\([[:digit:]]\+\)-\([[:digit:]]\+\):[[:blank:]]*\(.*\)$/\1\t\2\t\3/' file 
4       105505  (Primary|Secondary) Failed to connect to peer unit peer-ip:port
4       105524  (Primary|Secondary) Transitioning to Negotiating state due to the presence of another Active HA unit
4       105553  (Primary|Secondary) Detected another Active HA unit
4       106023  Deny protocol src [interface_name:source_address/source_port] [([idfw_user|FQDN_string], sg_info)] dst interface_name:dest_address/dest_port [([idfw_user|FQDN_string], sg_info)] [type {string}, code {code}] by access_group acl_ID [0x8ed66b60, 0xf8852875]
4       106027  Deny src [source address] dst [destination address] by access-group “access-list name”.
4       106103  access-list acl_ID denied protocol for user username interface_name/source_address source_port interface_name/dest_address dest_port hit-cnt number first hit hash codes
4       108004  action_class: action ESMTP req_resp from src_ifc:sip|sport to dest_ifc:dip|dport;further_info, page 1-23
4       109017  User at IP_address exceeded auth proxy connection limit (max)
4       109022  exceeded HTTPS proxy process limit
4       109027  [aaa protocol] Unable to decipher response message Server = server_IP_address, User = user
4       109028  aaa bypassed for same-security traffic from ingress_ interface:source_address/source_port to egress_interface:dest_address/dest_port
4       109030  Autodetect ACL convert wildcard did not convert ACL access_list source | dest netmask netmask.

相关内容