shell - 在 linux shell 中,如何用sed来选择内容

  显示原文与译文双语对照的内容
106 2

在我的项目中,我有一个 linux file: audit_check.log

audit_check.log的内容类似于:


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD


2019-01-08 15:10:30,root pts/0 2019-01-08 11:30, root,vm1, 3115 cat/var/log/audit_check.log,/root/USER_CD


2019-01-08 15:10:51,root pts/0 2019-01-08 11:30, root,vm1, 3116 echo yang> xie,/root/USER_CD


2019-01-08 15:10:54,root pts/0 2019-01-08 11:30, root,vm1, 3117 rm -rf xie,/root/USER_CD


2019-01-08 15:10:56,root pts/0 2019-01-08 11:30, root,vm1, 3118 sh keycmd.sh,/root/USER_CD


2019-01-08 15:11:35,root pts/0 2019-01-08 11:30, root,vm1, 3119 vi keycmd.sh,/root/USER_CD


2019-01-08 15:11:39,root pts/0 2019-01-08 11:30, root,vm1, 3120 sh keycmd.sh,/root/USER_CD


2019-01-08 15:11:39,root pts/0 2019-01-08 15:09, root,vm1, 3120 rm keycmd.sh,/root/USER_CD


2019-01-08 15:12:39,root pts/0 2019-01-08 11:30, root,vm1, 3120 rm keycmd.sh,/root/USER_CD



现在,我想在同一分钟内选择所有行。

例如当timestr为:

 
2019-01-08 15:09



 

正确的结果应该是:


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD



但这一行:


2019-01-08 15:11:39,root pts/0 2019-01-08 15:09, root,vm1, 3120 rm keycmd.sh,/root/USER_CD



在结果中排除。

我尝试过:


timestr=`date +%Y-%m-%d""%H:%M`



 sed -n '/^$timestr/p'/var/log/audit_check.log>/tmp/keycmdtmp.log



但是/tmp/keycmdtmp.log 是空的。当我像这样删除"^":


timestr=`date +%Y-%m-%d""%H:%M`



sed -n '/$timestr/p'/var/log/audit_check.log>/tmp/keycmdtmp.log



结果更改为:


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD


2019-01-08 15:11:39,root pts/0 2019-01-08 15:09, root,vm1, 3120 rm keycmd.sh,/root/USER_CD



It seems nothing wrong, who can help me?



时间: 原作者:

150 0

这更适合于 awk:


awk -F, -v dt="$(date '+%Y-%m-%d %H:%M')" '$1 ~ dt' file




2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD



原作者:
113 2

如果只需要过滤与时间约束( 不需要去 awk 或者 sed ) 匹配的输入行,就可以简单地使用 grep

输入:


$ cat dates_test.in


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD


2019-01-08 15:10:30,root pts/0 2019-01-08 11:30, root,vm1, 3115 cat/var/log/audit_check.log,/root/USER_CD


2019-01-08 15:10:51,root pts/0 2019-01-08 11:30, root,vm1, 3116 echo yang> xie,/root/USER_CD


2019-01-08 15:10:54,root pts/0 2019-01-08 11:30, root,vm1, 3117 rm -rf xie,/root/USER_CD


2019-01-08 15:10:56,root pts/0 2019-01-08 11:30, root,vm1, 3118 sh keycmd.sh,/root/USER_CD


2019-01-08 15:11:35,root pts/0 2019-01-08 11:30, root,vm1, 3119 vi keycmd.sh,/root/USER_CD


2019-01-08 15:11:39,root pts/0 2019-01-08 11:30, root,vm1, 3120 sh keycmd.sh,/root/USER_CD


2019-01-08 15:11:39,root pts/0 2019-01-08 15:09, root,vm1, 3120 rm keycmd.sh,/root/USER_CD


2019-01-08 15:12:39,root pts/0 2019-01-08 11:30, root,vm1, 3120 rm keycmd.sh,/root/USER_CD



命令:


grep"^`date '+%Y-%m-%d %H:%M'`" dates_test.in 



输出:


$ grep"^`date '+%Y-%m-%d %H:%M'`" dates_test.in 


2019-01-08 17:20:39,root pts/0 2019-01-08 15:09, root,vm1, 3120 rm keycmd.sh,/root/USER_CD


2019-01-08 17:20:39,root pts/0 2019-01-08 11:30, root,vm1, 3120 rm keycmd.sh,/root/USER_CD



原作者:
84 1

根据你的日志,你可以尝试将逗号添加到sed中,如下所示:


sed -n"/${timestr},/p"/var/log/audit_check.log>/tmp/keycmdtmp.log



147 4

尝试双引号:


sed -n"/^$timestr/p" file



就像这个:


$ cat test.log


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD


2019-01-08 15:10:30,root pts/0 2019-01-08 11:30, root,vm1, 3115 cat/var/log/audit_check.log,/root/USER_CD


2019-01-08 15:10:51,root pts/0 2019-01-08 11:30, root,vm1, 3116 echo yang> xie,/root/USER_CD


2019-01-08 15:10:54,root pts/0 2019-01-08 11:30, root,vm1, 3117 rm -rf xie,/root/USER_CD


2019-01-08 15:10:56,root pts/0 2019-01-08 11:30, root,vm1, 3118 sh keycmd.sh,/root/USER_CD


2019-01-08 15:11:35,root pts/0 2019-01-08 11:30, root,vm1, 3119 vi keycmd.sh,/root/USER_CD


2019-01-08 15:11:39,root pts/0 2019-01-08 11:30, root,vm1, 3120 sh keycmd.sh,/root/USER_CD


2019-01-08 15:11:39,root pts/0 2019-01-08 15:09, root,vm1, 3120 rm keycmd.sh,/root/USER_CD


2019-01-08 15:12:39,root pts/0 2019-01-08 11:30, root,vm1, 3120 rm keycmd.sh,/root/USER_CD



$ echo $timestr


2019-01-08 15:09



$ sed -n"/^$timestr/p" test.log


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD



awk,如果你已经有 $timestr:


$ awk -v str="$timestr" '$0~"^"str' test.log


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD



为了好玩,另一种调用变量的方法是:


$ x="$timestr" awk '$0~"^"ENVIRON["x"]' test.log


2019-01-08 15:09:32,root pts/0 2019-01-08 11:30, root,vm1, 3111 sh keycmd.sh,/root/USER_CD


2019-01-08 15:09:40,root pts/0 2019-01-08 11:30, root,vm1, 3112 cat/tmp/keycmdtmp.log,/root/USER_CD



...