2008年10月22日 星期三

Linux Command - awk experience

Example1.
#/etc/links1 檔案內容
WAN1=rtk0
WAN2=rtk1
LAN1=rtk2
DMZ1=rtk3
DMZ2=rtk4
WAN3=rtk5

計算內容含有 WAN 的行數 (不是檔案的總行數)
# gawk '/WAN/{count++}END{print count}' /etc/links1
3

Example2.
用"="號來區隔出資料變數,並存在var陣列中
# gawk 'BEGIN{split("DMZ=rtk3",var,"=");print var[2]}'
rtk3

awk預設的分隔符號為space(空白鍵),在這邊將其預設欄位分隔符號改為"=",再取出該檔案的第2欄資料
# gawk -F'=' '{ print $2 }' /etc/links
rtk0
rtk1
rtk2
rtk3
rtk4
rtk5

Example3.
將/etc/ifconfig.rtk0的第三欄資料印出
# gawk '{print $3}' /etc/ifconfig.rtk0

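Show the line if the packets count is non zero. The chain title and the column header lines are printed as well, because their first field is text and therefore never compares equal to 0.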
iptables -t mangle -L -v -n | awk '$1!=0 {print $0}'
Chain Chain1 (1 references)
pkts bytes target prot opt in out source destination
1 78 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto nbns
2 99 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto rdp
4 226 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto telnet

$ ls -la | awk '($1 ~ /-rw-r--r--/ ){print $9}' // 比對要用 ~ ; 原本寫的 = 是指定 (assignment), 只是剛好得到一樣的結果
aa.gif

Example.

file aaa 的內容
Total run 5 times
ftp_0.pat allchar-sets 0 printchar-sets 0
ftp_1.pat allchar-sets 0 printchar-sets 0
ftp_2.pat allchar-sets 0 printchar-sets 0
ftp_3.pat allchar-sets 5 printchar-sets 0
msn_0.pat allchar-sets 1 printchar-sets 1
msn_1.pat allchar-sets 0 printchar-sets 0
msn_2.pat allchar-sets 0 printchar-sets 0
msn_3.pat allchar-sets 0 printchar-sets 6
msn_4.pat allchar-sets 0 printchar-sets 0
msn_5.pat allchar-sets 0 printchar-sets 0

取出第三欄或是第五欄內容不為0 的records
# cat aaa | awk 'NR>1 && ($3!=0 || $5!=0){print $0}'
ftp_3.pat allchar-sets 5 printchar-sets 0
msn_0.pat allchar-sets 1 printchar-sets 1
msn_3.pat allchar-sets 0 printchar-sets 6


每隔3秒鐘, 印/proc/slabinfo 中的某些資料 (awk 的比對字串在網頁轉貼時遺失了, 下面以 SLAB_NAME 代表要觀察的 slab 名稱)
# while [ 1 ]; do cat /proc/slabinfo | awk '/SLAB_NAME/{print $2, $3}' | tail -1; sleep 3; done


/flash/etc/system.conf 內容
PASSTHROUGHPKT=5000
PASSTHROUGHBYTE=1000000
#RANDOMRATE=40

# awk -F "=" '/^PASSTHROUGHBYTE/{print $2}' /flash/etc/system.conf
1000000

VER= $(shell awk -F"[:|@]" '{ print $$3 }' CVS/Root)

$ cat CVS/Root
:ext:vincent@192.168.17.190:/home/cvsroot
$ cat CVS/Root | awk -F"[:|@]" '{ print $3 }' // 這裡awk -F 的separator 是 bracket expression [:|@], 遇到 ":"、"|"、"@" 任一個字元就切欄位 (中括號裡的 | 只是一般字元, 不是 or; 寫成 [:@] 就夠了)
my_cvs_username


HOST_IP=$(shell ifconfig eth0 | grep "inet addr" | awk -F: '{print $$2}' | awk '{print $$1}')

$ ifconfig eth0
Warning: cannot open /proc/net/dev (Permission denied). Limited output.
eth0 Link encap:Ethernet HWaddr 00:0E:A6:44:ED:A7
inet addr:192.168.211.18 Bcast:192.168.211.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:209 Memory:fbffc000-0

STARTTIME= $(shell LC_ALL=C date )

LC_ALL=C 的目的是啥? :( → LC_ALL=C 會讓這個指令改用 C (POSIX) locale, date 就會固定輸出英文、固定格式的時間字串, 不受使用者語系設定影響

這裡我比較不懂的地方有
1. 在Makefile 裡面, 需要利用shell 來做shell command execution, 格式如下
$(shell command-list)

command list 就是原先在shell 裡面執行的commands

2. 在Makefile 裡面的引數都要改成 $$1, $$2, $$3 (尤其是在shell command 當中), 原因是 make 會先自己展開 $ 開頭的變數, 單獨的 $1 會被當成 make 變數而變成空字串; 寫成 $$ 時 make 才會把一個 $ 原樣交給 shell, awk 才收得到 $1, $2, $3


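# Print each capture file name, then replay that file through tcpdump.
# The name is handed to tcpdump as one quoted argument. Text built from `ls`
# output must not be piped into `sh`: the shell would then execute any `;`,
# backtick or $(...) that happens to appear in a file name.
for f in *; do
  [ -f "$f" ] || continue   # skip directories and the unmatched-glob case
  printf 'filename:%s\n' "$f"
  tcpdump -nv -r "$f" host 207.46.2.152
done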
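# Replay every regular, non-hidden file in the current directory through tcpdump.
# NUL-delimited names keep a file name with spaces or quotes as one argument;
# plain `ls | xargs` splits names on whitespace and interprets quote characters.
find . -maxdepth 1 -type f ! -name '.*' -print0 | xargs -0 -n 1 tcpdump -nv host 207.46.2.152 -r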



# Checksum the first entry of a reversed, ctime-ordered listing (-c with
# --sort=t sorts by status-change time; -r puts the oldest entry first).
# NOTE(review): xargs splits on whitespace, so a name containing spaces reaches
# md5sum as several arguments.
ls -cr --sort=t | head -1 | xargs -n 1 md5sum




ls -lacr --sort=t | head -2 | awk 'NR!=1{print $8}'
InstantScan-10-prophet.bin
[vincent@CMF tftpboot]$ ls -lacr --sort=t | head -2 | awk 'NR!=1{print $8}' | md5sum // 這時處理的不是檔案, 是"字串"
eb1c42d6d509de2d02c6d426a6b74934 -
[vincent@CMF tftpboot]$ md5sum InstantScan-10-prophet.bin
c98bbabbd0d22cdc15b37d9759b78ba4 InstantScan-10-prophet.bin


ls -ur --sort=t // sort by access time (atime), 由oldest time to the newest time (sorting ascending)
ls -cr --sort=t // sort by last status change time (ctime; 不是 mtime), 由oldest time to the newest time (sorting ascending)

ls -u --sort=t // sort by access time (atime), 由newest time to the oldest time (sorting descending)
ls -c --sort=t // sort by last status change time (ctime; 不是 mtime), 由newest time to the oldest time (sorting descending)

// 測試 ok
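# Delete the 99 regular, non-hidden files in the current directory that have the
# oldest ctime (the original took 100 lines of `ls -l` and skipped the "total"
# line, i.e. 99 entries).
# Names travel NUL-delimited from find to rm, so a space or newline in a name
# cannot change what gets deleted, and `--` stops a name starting with `-` from
# being read as an rm option. Picking column 8 out of `ls -l` depends on the
# locale's date layout and cuts every name at its first space.
# NOTE(review): needs GNU find/sort/head/cut. Run it once with `rm -f --`
# replaced by `printf '%s\n'` to inspect the list before deleting as root.
find . -maxdepth 1 -type f ! -name '.*' -printf '%C@\t%p\0' \
  | sort -z -n \
  | head -z -n 99 \
  | cut -z -f2- \
  | sudo xargs -0 -r rm -f --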

Some awk simple command
# more /etc/ifconfig.rtk0 | awk '{print $1}'
192.168.17.205

# gawk '{print $2}' /etc/ifconfig.rtk0
192.168.17.173

# cat /etc/ifconfig.rtk0 | gawk '{print $2}'
192.168.17.173

# more /etc/ifconfig.rtk0 | gawk '{print $2}'
192.168.17.173


定時顯示snortinline PID & time value
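#!/bin/sh
# Every 5 seconds print the first `ps aux` column of each snort_inline process,
# followed by the current time, on one line.
# NOTE(review): column 1 is the PID with BusyBox ps but the user name with
# procps `ps aux` - confirm which ps the target system ships.
while true
do
  # The [s] bracket keeps grep from matching its own command line, so no
  # second `grep -v grep` stage is needed.
  ps aux | grep '[s]nort_inline' | awk '{printf "%s ", $1}'
  # Ask date for the time directly; field 4 of its default output is the
  # time only in some locales.
  date '+%H:%M:%S'
  sleep 5
done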


結果
29205 11:28:59
29205 11:29:04
29205 11:29:09
29205 11:29:14
29205 11:29:19
29205 11:29:24
29205 11:29:29
29205 11:29:34
29205 11:29:39
29205 11:29:44


# Poll every 20 seconds: print column 1 of each `ps aux` line that mentions
# snort, leaving out any line that mentions grep.
while :; do
  ps aux | awk '/snort/ && !/grep/ {print $1}'
  sleep 20
done
