How can I select today's log from:
Oct 9 21:47:06 server dovecot[1513]: imap(yar99@vmail.com): Disconnected: Logged out in=235 out=760
Oct 9 21:47:06 server dovecot[1513]: auth-worker(28110): shadow(yar99@vmail.com,127.0.0.1): unknown user
Oct 9 21:47:06 server dovecot[1513]: auth-worker(28110): shadow(yar99@vmail.com,127.0.0.1): unknown user
Oct 9 21:47:06 server dovecot[1513]: imap-login: Login: user=<yar99@vmail.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1850, secured, session=<ImGl4XUEHAB/AAAB>
Oct 8 21:47:06 server dovecot[1513]: imap(yar99@vmail.com): Disconnected: Logged out in=162 out=7805
Oct 8 21:47:08 server dovecot[1513]: auth-worker(28110): shadow(elnaz75@vmail.com,144.76.43.87): unknown user
Oct 8 21:47:08 server dovecot[1513]: auth-worker(28110): shadow(elnaz75@vmail.com,144.76.43.87): unknown user
Oct 7 21:47:08 server dovecot[1513]: imap-login: Login: user=<elnaz75@vmail.com>, method=PLAIN, rip=144.76.43.87, lip=144.76.43.87, mpid=1853, secured, session=<gkTD4XUE0QCQTCtX>
Oct 6 21:47:08 server dovecot[1513]: imap(elnaz75@vmail.com): Disconnected: Logged out in=235 out=765
Oct 4 21:47:09 server dovecot[1513]: auth-worker(28110): shadow(maryam36@vmail.com,127.0.0.1): unknown user
Oct 4 21:47:09 server dovecot[1513]: auth-worker(28110): shadow(maryam36@vmail.com,127.0.0.1): unknown user
Oct 4 21:47:09 server dovecot[1513]: imap-login: Login: user=<maryam36@vmail.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1856, secured, session=<sb/G4XUEIAB/AAAB>
My command is:
cat /var/log/maillog | grep imap-login:\ Login | sed -e 's/.*Login: user=<\(.*\)>, method=.*/\1/g' | sort | uniq
2 solutions
#1
1
There's no need to use grep twice in a pipeline with sed since it can do the selection, too:
sed -n "/^$(date '+%b %_d').*imap-login: Login/s/.*Login: user=<\(.*\)>, method=.*/\1/p" /var/log/maillog | sort -u
I also eliminated the separate call to uniq since sort -u takes care of that.
I used guido's date command to select the current date, but I replaced the deprecated backticks with $(), as Mark did, which is specified by POSIX and supported by all modern Bourne-derived shells.
Here is a version of Mark Setchell's AWK answer which sorts and uniques the result.
awk -F"[ <>=,]*" -v d="^$(date '+%b %_d')" '$0 ~ d && /imap-login/ {a[$9] = $9} END {n = asort(a); for (i = 1; i <= n; i++) {print a[i]}}' /var/log/maillog
It requires GAWK.
#2
0
You can maybe do something along these lines with awk, treating spaces, angle brackets, commas and equals signs all as alternate field separators:
awk -F"[ <>=,]*" -v d="$(date '+%b %_d')" '$0 ~ d && /imap-login/{print $1,$2,$9,$11}' maillog
Oct 9 yar99@vmail.com PLAIN