awk
基本操作方法
格式:awk [选项] '[条件]{编辑指令}' 文件
其中,print 是最常用的编辑指令;若有多条编辑指令,可用分号分隔。
处理文本时,若未指定分隔符,则默认将空格、制表符等作为分隔符。
方式一:直接过滤文件内容
[root@svr5 ~]# awk '{print $1,$2}' /etc/rc.local //输出文件的第1、2列
方式二:结合管道过滤命令输出
[root@svr5 ~]# uname -a //正常的完整输出
Linux svr5.tarena.com 2.6.18-348.el5 #1 SMP Wed Nov 28 21:22:00 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@svr5 ~]# uname -a | awk '{print $1,$3,$12}' //输出第1、3、12字段
Linux 2.6.18-348.el5 x86_64
[选项]
选项 -F 可指定分隔符
截取/etc/passwd文件的前3行,用来创建一个测试文件,操作如下:
[root@svr5 ~]# head -3 /etc/passwd > passwd.txt
输出passwd.txt文件中以分号分隔的第1、7个字段,显示的不同字段之间以逗号隔开,操作如下:
[root@svr5 ~]# awk -F: '{print $1","$7}' passwd.txt 或者awk -F ":" '{print $1","$7}' passwd.txt
awk还识别多种单个的字符,比如以“:”或“/”分隔,输出第1、10个字段:
[root@svr5 ~]# awk -F [:/] '{print $1,$10}' passwd.txt
特殊的内置变量
注意:调用awk的内置变量时,不需要加前置 $ 符号。
比如,使用awk输出当前操作的文件名、当前处理的行号:
[root@svr5 ~]# awk '{print FILENAME,NR}' passwd.txt
passwd.txt 1
passwd.txt 2
passwd.txt 3
输出每次处理的行号,以及当前行以“:”分隔的字段个数:
[root@svr5 ~]# awk -F: '{print NR,NF}' passwd.txt //NR当前已经读入的行数 NF当前处理行的列数
1 7
2 7
3 7
输出当前用户的passwd记录(第1列的值与系统变量USER的值相同):
[root@svr5 ~]# echo $USER //确认当前用户
root
[root@svr5 ~]# awk -F: '$1==ENVIRON["USER"]{print $0}' passwd.txt
root:x:0:0:root:/root:/bin/bash //输出当前用户的记录 $0代表当前读入的整行内容
注意:$0表示正在处理的整行文本,可以省略(默认即输出整行);当编辑指令是输出匹配的整行文本时,整个{print $0}都可以不写。
[root@svr5 ~]# awk -F: '$1==ENVIRON["USER"]{print}' passwd.txt
root:x:0:0:root:/root:/bin/bash
awk处理的时机
awk会逐行处理文本,支持在处理第一行之前做一些准备工作,以及在处理完最后一行之后做一些总结性质的工作。在命令格式上分别体现如下:
行前处理,BEGIN{ }
逐行处理,{ }
行后处理,END{ }
上述编辑指令段可以包含在一对单引号内,比如:
awk [选项] ' BEGIN{编辑指令 } {编辑指令} END{编辑指令}' 文件
举个包括三个处理时机的例子——“统计系统中使用bash作为登录Shell的用户总个数:预处理时赋值变量x=0,然后逐行读入/etc/passwd文件检查,如果发现登录Shell是/bin/bash则x增加1,全部处理完毕后,输出x的值即可。相关操作及结果如下:
[root@svr5 ~]# awk 'BEGIN{x=0}/\<bash$/{x++} END{print x}' /etc/passwd # \<bash表示已bash单词结尾
29
当然,这个例子比较简单(效果与egrep -c '\<bash$' /etc/passwd 相同),此处仅仅是用来说明awk三种处理时机的用法。在实际工作中,利用awk的这种处理流程可以完成许多更复杂的任务。
####################################################################################################
利用awk提取本机的IP地址、根分区使用率
1)提取IP地址
分步实现的思路及操作参考如下——
通过ifconfig eth0查看网卡信息,其中包括IP地址:
[root@svr5 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:82:09:E9
inet addr:192.168.4.4 Bcast:192.168.4.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe82:9e9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:358524 errors:0 dropped:0 overruns:0 frame:0
TX packets:230638 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:44470760 (42.4 MiB) TX bytes:64236279 (61.2 MiB)
结合grep获得包含IP地址的那一行:
[root@svr5 ~]# ifconfig eth0 | grep "inet addr:"
inet addr:192.168.4.4 Bcast:192.168.4.255 Mask:255.255.255.0
再结合awk过滤出默认分隔的第2列:
[root@svr5 ~]# ifconfig eth0 | grep "inet addr:" | awk '{print $2}'
addr:192.168.4.4
进一步结合awk过滤出以“:”分隔的第2列:
[root@svr5 ~]# ifconfig eth0 | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}'
192.168.4.4
2)提取根分区使用率
分步实现的思路及操作参考如下——
通过df命令查看根分区的使用情况,其中包括使用率:
[root@svr5 ~]# df -hT /
文件系统 类型 容量 已用 可用 已用% 挂载点
/dev/sda2 ext3 19G 7.2G 11G 40% /
输出上述结果中最后一行的第6列:
[root@svr5 ~]# df -hT / | tail -1 | awk '{print $6}'
40%
#####################################################################################
步骤三:格式化输出/etc/passwd文件
1)任务需求及实现思路分析
根据任务要求的结果,输出的内容包括三个部分:列表头、用户信息、列表尾。
由于/etc/passwd文件中的用户记录是单一的以“:”分隔,而且恰好awk本身就已经支持“前、中、后”三段式处理,所以用awk处理是再合适不过了。通过awk的内置变量NR即可获得处理的记录行数,因此只要设置正确的输出即可。
2)根据实现思路编写、验证awk过滤语句
输出信息时,可以使用“\t”显示Tab制表位:
[root@svr5 ~]# awk -F: 'BEGIN{print "User\tUID\tHome"} \
{print $1"\t"$3"\t"$6} END{print "Total "NR" lines."}' /etc/passwd
User UID Home
root 0 /root
bin 1 /bin
daemon 2 /sbin
adm 3 /var/adm
lp 4 /var/spool/lpd
sync 5 /sbin
.. ..
iamkiller 1234 /opt/.private/iamkiller
nsd001 0 /home/nsd001
nsd002 1236 /home/nsd002
nsd003 1237 /home/nsd003
postfix 89 /var/spool/postfix
Total 67 lines.
awk用法之网络连接状态分类汇总:netstat & | & awk
[root@xxx ~]# netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}' CLOSE_WAIT 4 ESTABLISHED 85 SYN_SENT 1 TIME_WAIT 11
[root@v-hwkd-cosmic ~]# netstat -n Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 172.18.13.107:6379 172.18.13.107:2583 ESTABLISHED tcp 0 0 172.18.13.107:6379 172.18.13.107:2559 ESTABLISHED tcp 0 0 127.0.0.1:10793 127.0.0.1:4369 TIME_WAIT tcp 0 0 127.0.0.1:8090 127.0.0.1:62916 TIME_WAIT tcp 0 36 172.18.13.107:22 172.20.238.128:55081 ESTABLISHED tcp 0 0 172.18.13.107:6379 172.18.13.107:2561 ESTABLISHED tcp 0 0 172.18.13.107:6379 172.18.13.107:2581 ESTABLISHED tcp 0 0 172.18.13.107:19214 192.168.203.194:5667 TIME_WAIT tcp 0 0 127.0.0.1:17731 127.0.0.1:4369 ESTABLISHED tcp 0 0 172.18.13.107:6379 172.18.13.107:2587 ESTABLISHED tcp 0 0 172.18.13.107:4369 172.18.13.107:21821 TIME_WAIT tcp 0 0 172.18.13.107:6379 172.18.13.107:2563 ESTABLISHED tcp 0 0 172.18.13.107:6379 172.18.13.107:2589 ESTABLISHED tcp 0 0 172.18.13.107:80 172.18.8.167:49546 TIME_WAIT tcp 0 0 172.18.13.107:29793 172.18.13.107:8082 TIME_WAIT tcp 0 0 172.18.13.107:22 172.20.238.128:55082 ESTABLISHED tcp 0 0 172.18.13.107:6379 172.18.13.107:64697 ESTABLISHED tcp 0 0 127.0.0.1:8090 127.0.0.1:62892 TIME_WAIT tcp 0 0 172.18.13.107:6379 172.18.13.107:39468 ESTABLISHED tcp 0 0 172.18.13.107:6379 172.18.13.107:2569 ESTABLISHED tcp 0 0 172.18.13.107:29817 172.18.13.107:8082 TIME_WAIT tcp 0 0 127.0.0.1:8090 127.0.0.1:62914 TIME_WAIT tcp 0 0 172.18.13.107:6379 172.18.13.107:2579 ESTABLISHED tcp 0 0 172.18.13.107:80 172.18.8.167:49578 TIME_WAIT tcp 0 0 172.18.13.107:6379 172.18.13.107:2585 ESTABLISHED tcp 0 0 127.0.0.1:4369 127.0.0.1:17731 ESTABLISHED tcp6 0 1 172.18.13.107:20465 172.16.60.132:9092 SYN_SENT tcp6 0 0 172.18.13.107:3325 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:3355 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:39468 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:2561 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:16787 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:16779 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:3345 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:2559 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:3361 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:2579 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.108:19704 ESTABLISHED tcp6 0 0 172.18.13.107:3323 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:64697 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:3353 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:30699 172.18.13.107:5672 ESTABLISHED tcp6 0 0 172.18.13.107:2589 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:10245 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:3363 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:49302 ESTABLISHED tcp6 0 0 172.18.13.107:3317 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:5672 172.18.13.107:55926 ESTABLISHED tcp6 0 0 127.0.0.1:11771 127.0.0.1:26979 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:10544 ESTABLISHED tcp6 0 0 172.18.13.107:3369 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:49302 172.18.13.107:2181 ESTABLISHED tcp6 0 0 172.18.13.107:5672 172.18.13.107:30699 ESTABLISHED tcp6 0 0 172.18.13.107:3333 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:10588 172.18.13.107:2181 ESTABLISHED tcp6 0 0 172.18.13.107:3339 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:10568 172.18.13.107:5176 TIME_WAIT tcp6 0 0 172.18.13.107:49292 172.18.13.107:2181 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:49348 ESTABLISHED tcp6 0 0 172.18.13.107:3597 172.18.13.107:2181 ESTABLISHED tcp6 1 0 172.18.13.107:16115 172.18.13.108:3306 CLOSE_WAIT tcp6 0 0 172.18.13.107:3351 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:3319 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:49264 172.18.13.107:2181 ESTABLISHED tcp6 0 0 172.18.13.107:10544 172.18.13.107:2181 ESTABLISHED tcp6 0 0 172.18.13.107:10550 172.18.13.107:2181 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.108:19772 ESTABLISHED tcp6 0 0 172.18.13.107:3449 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:3335 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:10588 ESTABLISHED tcp6 0 0 172.18.13.107:3341 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:10548 ESTABLISHED tcp6 1 0 172.18.13.107:16669 172.18.13.108:3306 CLOSE_WAIT tcp6 0 0 172.18.13.107:55926 172.18.13.107:5672 ESTABLISHED tcp6 0 0 172.18.13.107:3347 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:2569 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:2583 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:49292 ESTABLISHED tcp6 0 0 172.18.13.107:3359 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:10550 ESTABLISHED tcp6 0 0 172.18.13.107:49348 172.18.13.107:2181 ESTABLISHED tcp6 0 88 172.18.13.107:2181 172.18.13.107:49264 ESTABLISHED tcp6 0 0 172.18.13.107:2587 172.18.13.107:6379 ESTABLISHED tcp6 1 0 172.18.13.107:50053 49.4.85.173:80 CLOSE_WAIT tcp6 0 0 172.18.13.107:25957 172.18.13.108:9200 ESTABLISHED tcp6 0 0 172.18.13.107:2563 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:7749 172.18.13.107:13635 ESTABLISHED tcp6 0 0 172.18.13.107:10548 172.18.13.107:2181 ESTABLISHED tcp6 0 0 172.18.13.107:2181 172.18.13.107:3597 ESTABLISHED tcp6 0 0 172.18.13.107:2581 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:13635 172.18.13.107:7749 ESTABLISHED tcp6 1 0 172.18.13.107:16671 172.18.13.108:3306 CLOSE_WAIT tcp6 0 0 172.18.13.107:16775 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:3349 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:16777 172.18.13.108:3306 ESTABLISHED tcp6 0 0 127.0.0.1:26979 127.0.0.1:11771 ESTABLISHED tcp6 0 0 172.18.13.107:25955 172.18.13.108:9200 ESTABLISHED tcp6 0 0 172.18.13.107:48635 172.18.13.108:9092 ESTABLISHED tcp6 0 0 172.18.13.107:2585 172.18.13.107:6379 ESTABLISHED tcp6 0 0 172.18.13.107:3321 172.18.13.108:3306 ESTABLISHED tcp6 0 0 172.18.13.107:25691 172.18.13.108:9200 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 22968 /run/systemd/shutdownd unix 2 [ ] DGRAM 12518 /run/systemd/notify unix 2 [ ] DGRAM 12520 /run/systemd/cgroups-agent unix 5 [ ] DGRAM 12535 /run/systemd/journal/socket unix 9 [ ] DGRAM 12537 /dev/log unix 3 [ ] STREAM CONNECTED 16696 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 14765 unix 3 [ ] STREAM CONNECTED 19056 unix 3 [ ] STREAM CONNECTED 19015 unix 3 [ ] STREAM CONNECTED 2694423 unix 3 [ ] STREAM CONNECTED 1824 /var/run/dbus/system_bus_socket unix 2 [ ] STREAM CONNECTED 4341047 unix 3 [ ] STREAM CONNECTED 16689 /run/systemd/journal/stdout unix 2 [ ] DGRAM 13438393 unix 2 [ ] DGRAM 13941 unix 2 [ ] STREAM CONNECTED 3189838 unix 3 [ ] STREAM CONNECTED 15619 /run/systemd/journal/stdout unix 2 [ ] DGRAM 25276 unix 2 [ ] DGRAM 13954 unix 3 [ ] STREAM CONNECTED 25277 unix 3 [ ] STREAM CONNECTED 13952 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 25278 unix 2 [ ] DGRAM 276225 unix 3 [ ] STREAM CONNECTED 16859 unix 3 [ ] STREAM CONNECTED 13950 unix 2 [ ] STREAM CONNECTED 1401791 unix 3 [ ] STREAM CONNECTED 13949 unix 3 [ ] STREAM CONNECTED 16815 unix 2 [ ] STREAM CONNECTED 317207 unix 3 [ ] STREAM CONNECTED 2689833 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 13947 unix 2 [ ] DGRAM 13438407 unix 2 [ ] DGRAM 1826 unix 2 [ ] STREAM CONNECTED 288449 unix 3 [ ] STREAM CONNECTED 15618 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15620 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 15719 unix 2 [ ] STREAM CONNECTED 3175246 unix 3 [ ] STREAM CONNECTED 300058 unix 3 [ ] STREAM CONNECTED 300059 unix 3 [ ] STREAM CONNECTED 271161 /run/systemd/journal/stdout unix 3 [ ] STREAM CONNECTED 1937 /run/systemd/journal/stdout unix 2 [ ] DGRAM 11427 unix 2 [ ] STREAM CONNECTED 333923 unix 3 [ ] STREAM CONNECTED 19653 unix 2 [ ] STREAM CONNECTED 329926 unix 3 [ ] STREAM CONNECTED 278072 unix 3 [ ] STREAM CONNECTED 3228613 unix 3 [ ] DGRAM 11439 unix 3 [ ] STREAM CONNECTED 290386 unix 3 [ ] STREAM CONNECTED 3228609 unix 2 [ ] STREAM CONNECTED 288440 unix 3 [ ] STREAM CONNECTED 1962 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 3228616 unix 3 [ ] STREAM CONNECTED 287459 /run/systemd/journal/stdout unix 2 [ ] STREAM CONNECTED 4342514 unix 3 [ ] STREAM CONNECTED 13951 /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 13065 unix 3 [ ] STREAM CONNECTED 20784 unix 2 [ ] DGRAM 1409249 unix 2 [ ] STREAM CONNECTED 333920 unix 3 [ ] STREAM CONNECTED 3228611 unix 3 [ ] STREAM CONNECTED 3228615 unix 2 [ ] DGRAM 10452 unix 3 [ ] STREAM CONNECTED 3228610 unix 3 [ ] DGRAM 11438 unix 3 [ ] STREAM CONNECTED 3228614 unix 3 [ ] STREAM CONNECTED 3228612 unix 2 [ ] STREAM CONNECTED 1401788 [root@v-hwkd-cosmic ~]#
状态:描述
CLOSED:无连接是活动的或正在进行
LISTEN:服务器在等待进入呼叫
SYN_RECV:一个连接请求已经到达,等待确认
SYN_SENT:应用已经开始,打开一个连接
ESTABLISHED:正常数据传输状态
FIN_WAIT1:应用说它已经完成
FIN_WAIT2:另一边已同意释放
ITMED_WAIT:等待所有分组死掉
CLOSING:两边同时尝试关闭
TIME_WAIT:另一边已初始化一个释放
LAST_ACK:等待所有分组死掉
/^tcp/ 滤出tcp开头的记录,屏蔽udp, socket等无关记录。 state[] 相当于定义了一个名叫state的数组 NF 表示记录的字段数,如上所示的记录,NF等于6 $NF 表示某个字段的值,如上所示的记录,$NF也就是$6,表示第6个字段的值,也就是TIME_WAIT state[$NF] 表示数组元素的值,如上所示的记录,就是state[TIME_WAIT]状态的连接数 ++state[$NF] 表示把某个数加一,如上所示的记录,就是把state[TIME_WAIT]状态的连接数加一 END 表示在最后阶段要执行的命令 for(key in state) 遍历数组 print key,"\t",state[key] 打印数组的键和值,中间用\t制表符分割,美化一下。
