我按照 quanta 的建议运行了这个脚本
#!/bin/bash
EDATE=$(tail -1 a | awk '{ print substr($4, 2, length($4)) }')
EEPOCH=$(date -d "$(echo "$EDATE" | awk 'BEGIN { FS = "[/:]"; } \
{ print $1" "$2" "$3" "$4":"$5":"$6 }')" +%s)
time=$(expr 60 \* 60 \* 24 \* 5)
SEPOCH=$(expr $EEPOCH - $time)
while read line
do
DATE=$(echo $line | awk '{ print substr($4, 2, length($4)-1) }' | \
awk 'BEGIN { FS = "[/:]"; } { print $1" "$2" "$3" "$4":"$5":"$6 }')
DEPOCH=$(date -d "$DATE" +%s)
[[ $DEPOCH -ge $SEPOCH && $DEPOCH -le $EEPOCH ]] && echo $line | \
awk '{ print substr($4, 2, length($4)) }' >> as1
done < a
我检查了一下,似乎你的脚本想要逐行检查日志文件。由于它有超过 14000 个项目,所以需要很多时间。所以当我运行它时,光标会移动到下一行和下一行,我应该按 14000 次才能检查整个日志文件!这是不可能的!我认为它只适用于短日志文件。问题是由于 while 吗?
答案1
这行代码(我为了清晰起见把它拆分了)应该能得到相同的结果。你可以选择> as1
在末尾添加以将输出重定向到文件。将 apache 日志文件的路径放在我放置的位置<logfile>
for d in \
$(sed -nre 's/.*\[(..)\/(...)\/(....):(..:..:..) .*/\1 \2 \3 \4/p' <logfile> | date +%s -f-);
do echo $[ $d - 86400 * 5]; done
该date
命令不需要明确的 UTC 格式的参数日期-d
,尽管它不理解 apache 日志输出的日期,所以我做了一些替换,用空格替换了分隔日期和时间的斜杠和冒号。
答案2
为您准备:
#!/bin/bash
EDATE=$(tail -1 aa.log | awk '{ print substr($4, 2, length($4)) }')
EEPOCH=$(date -d "$(echo "$EDATE" | awk 'BEGIN { FS = "[/:]"; } \
{ print $1" "$2" "$3" "$4":"$5":"$6 }')" +%s)
time=$(expr 60 \* 60 \* 24 \* 5)
SEPOCH=$(expr $EEPOCH - $time)
while read line
do
DATE=$(echo $line | awk '{ print substr($4, 2, length($4)-1) }' | \
awk 'BEGIN { FS = "[/:]"; } { print $1" "$2" "$3" "$4":"$5":"$6 }')
DEPOCH=$(date -d "$DATE" +%s)
[[ $DEPOCH -ge $SEPOCH && $DEPOCH -le $EEPOCH ]] && echo $line | \
awk '{ print substr($4, 2, length($4)) }' >> as1
done < aa.log
更新
输入:
213.46.27.204 - - [21/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [22/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [23/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [24/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [25/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [26/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [27/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [28/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [29/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [30/Dec/2002:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
213.46.27.204 - - [01/Jan/2003:12:55:21 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 - "" ""
输出:
$ ./five_last_days.sh
27/Dec/2002:12:55:21
28/Dec/2002:12:55:21
29/Dec/2002:12:55:21
30/Dec/2002:12:55:21
01/Jan/2003:12:55:21