從netstat命令中提取了如下信息作為用例
$ cat netstat.txtPRoto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 coolshell.cn:80 124.205.5.146:18245 TIME_WAITtcp 0 0 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT2tcp 0 0 coolshell.cn:80 110.194.134.189:1032 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49809 ESTABLISHEDtcp 0 0 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT2tcp 0 0 coolshell.cn:80 123.169.124.111:49829 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.215.36:36970 TIME_WAITtcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1tcp 0 0 coolshell.cn:80 110.194.134.189:4796 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.212.163:51082 TIME_WAITtcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACKtcp 0 0 coolshell.cn:80 123.169.124.111:49840 ESTABLISHEDtcp 0 0 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2tcp 0 0 :::22 :::* LISTEN
下面是最簡單最常用的awk示例�,其輸出第1列和第4例
- 其中單引號中的被大括號括著的就是awk的語句����,注意,其只能被單引號包含�。
- 其中的$1..$n表示第幾例。注:$0表示整個行��。
$ awk '{print $1, $4}' netstat.txtProto Local-Addresstcp 0.0.0.0:3306tcp 0.0.0.0:80tcp 127.0.0.1:9000tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp coolshell.cn:80tcp :::22
我們再來看看awk的格式化輸出�����,和C語言的printf沒什么兩樣:
$ awk'{printf "%-8s %-8s %-8s %-18s %-22s %-15s/n",$1,$2,$3,$4,$5,$6}'netstat.txtProto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 coolshell.cn:80 124.205.5.146:18245 TIME_WAITtcp 0 0 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT2tcp 0 0 coolshell.cn:80 110.194.134.189:1032 ESTABLISHEDtcp 0 0 coolshell.cn:80 123.169.124.111:49809 ESTABLISHEDtcp 0 0 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT2tcp 0 0 coolshell.cn:80 123.169.124.111:49829 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.215.36:36970 TIME_WAITtcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1tcp 0 0 coolshell.cn:80 110.194.134.189:4796 ESTABLISHEDtcp 0 0 coolshell.cn:80 183.60.212.163:51082 TIME_WAITtcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACKtcp 0 0 coolshell.cn:80 123.169.124.111:49840 ESTABLISHEDtcp 0 0 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2tcp 0 0 :::22 :::* LISTEN我們再來看看如何過濾記錄(下面過濾條件為:第三列的值為0 && 第6列的值為LISTEN)
$ awk '$3==0 && $6=="LISTEN" ' netstat.txttcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN
其中的“==”為比較運算符����。其他比較運算符:!=, <, < >=, < p>
我們來看看各種過濾記錄的方式:
$ awk' $3>0 {print $0}'netstat.txtProto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 4166 coolshell.cn:80 61.148.242.38:30901 ESTABLISHEDtcp 0 1 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT1tcp 0 1 coolshell.cn:80 208.115.113.92:50601 LAST_ACK如果我們需要表頭的話,我們可以引入內建變量NR:
$ awk '$3==0 && $6=="LISTEN" || NR==1 ' netstat.txtProto Recv-Q Send-Q Local-Address Foreign-Address Statetcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN
再加上格式化輸出:
$ awk'$3==0 && $6=="LISTEN" || NR==1 {printf "%-20s %-20s %s/n",$4,$5,$6}'netstat.txtLocal-Address Foreign-Address State0.0.0.0:3306 0.0.0.0:* LISTEN0.0.0.0:80 0.0.0.0:* LISTEN127.0.0.1:9000 0.0.0.0:* LISTEN:::22 :::* LISTEN內建變量
說到了內建變量���,我們可以來看看awk的一些內建變量:
$0 當前記錄(這個變量中存放著整個行的內容)$1~$n 當前記錄的第n個字段,字段間由FS分隔FS 輸入字段分隔符 默認是空格或TabNF 當前記錄中的字段個數��,就是有多少列NR 已經讀出的記錄數����,就是行號��,從1開始�,如果有多個文件話,這個值也是不斷累加中���。FNR 當前記錄數��,與NR不同的是����,這個值會是各個文件自己的行號RS 輸入的記錄分隔符�����, 默認為換行符OFS 輸出字段分隔符��, 默認也是空格ORS 輸出的記錄分隔符����,默認為換行符FILENAME 當前輸入文件的名字
怎么使用呢�,比如:我們如果要輸出行號:
$ awk'$3==0 && $6=="ESTABLISHED" || NR==1 {printf "%02s %s %-20s %-20s %s/n",NR, FNR, $4,$5,$6}'netstat.txt01 1 Local-Address Foreign-Address State07 7 coolshell.cn:80 110.194.134.189:1032 ESTABLISHED08 8 coolshell.cn:80 123.169.124.111:49809 ESTABLISHED10 10 coolshell.cn:80 123.169.124.111:49829 ESTABLISHED14 14 coolshell.cn:80 110.194.134.189:4796 ESTABLISHED17 17 coolshell.cn:80 123.169.124.111:49840 ESTABLISHED指定分隔符
$ awk 'BEGIN{FS=":"} {print $1,$3,$6}' /etc/passwdroot 0 /rootbin 1 /bindaemon 2 /sbinadm 3 /var/admlp 4 /var/spool/lpdsync5 /sbinshutdown6 /sbinhalt 7 /sbin上面的命令也等價于:(-F的意思就是指定分隔符)
$ awk-F: '{print $1,$3,$6}'/etc/passwd注:如果你要指定多個分隔符����,你可以這樣來:
字符串匹配
$ awk '$6 ~ /FIN/ || NR==1 {print NR,$4,$5,$6}' OFS="/t" netstat.txt1 Local-Address Foreign-Address State6 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT29 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT213 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT118 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2$ $ awk '$6 ~ /WAIT/ || NR==1 {print NR,$4,$5,$6}' OFS="/t" netstat.txt1 Local-Address Foreign-Address State5 coolshell.cn:80 124.205.5.146:18245 TIME_WAIT6 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT29 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT211 coolshell.cn:80 183.60.215.36:36970 TIME_WAIT13 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT115 coolshell.cn:80 183.60.212.163:51082 TIME_WAIT18 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2上面的示例匹配FIN狀態, 第二個示例匹配WAIT字樣的狀態��。其實 ~ 表示模式開始��。/ /中是模式����。這就是一個正則表達式的匹配����。
其實awk可以像grep一樣的去匹配第一行,就像這樣:
$ awk '/LISTEN/' netstat.txttcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTENtcp 0 0 0.0.0.0:80 0.0.0.0:* LISTENtcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTENtcp 0 0 :::22 :::* LISTEN
我們可以使用 “/FIN|TIME/” 來匹配 FIN 或者 TIME :
$ awk'$6 ~ /FIN|TIME/ || NR==1 {print NR,$4,$5,$6}'OFS="/t"netstat.txt1 Local-Address Foreign-Address State5 coolshell.cn:80 124.205.5.146:18245 TIME_WAIT6 coolshell.cn:80 61.140.101.185:37538 FIN_WAIT29 coolshell.cn:80 116.234.127.77:11502 FIN_WAIT211 coolshell.cn:80 183.60.215.36:36970 TIME_WAIT13 coolshell.cn:80 124.152.181.209:26825 FIN_WAIT115 coolshell.cn:80 183.60.212.163:51082 TIME_WAIT18 coolshell.cn:80 117.136.20.85:50025 FIN_WAIT2再來看看模式取反的例子:
$ awk'$6 !~ /WAIT/ || NR==1 {print NR,$4,$5,$6}'OFS="/t"netstat.txt1 Local-Address Foreign-Address State2 0.0.0.0:3306 0.0.0.0:* LISTEN3 0.0.0.0:80 0.0.0.0:* LISTEN4 127.0.0.1:9000 0.0.0.0:* LISTEN7 coolshell.cn:80 110.194.134.189:1032 ESTABLISHED8 coolshell.cn:80 123.169.124.111:49809 ESTABLISHED10 coolshell.cn:80 123.169.124.111:49829 ESTABLISHED12 coolshell.cn:80 61.148.242.38:30901 ESTABLISHED14 coolshell.cn:80 110.194.134.189:4796 ESTABLISHED16 coolshell.cn:80 208.115.113.92:50601 LAST_ACK17 coolshell.cn:80 123.169.124.111:49840 ESTABLISHED19 :::22 :::* LISTEN
