目录
取ifconfig bond0的IP地址
[root@xuegod68 mnt]# ifconfig bond0 bond0 Link encap:Ethernet HWaddr :0C:::8F:AD inet addr:192.168.1.123 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe27:8fad/ Scope:Link UP BROADCAST RUNNING MASTER MULTICAST MTU: Metric: RX packets: errors: dropped: overruns: frame: TX packets: errors: dropped: overruns: carrier: collisions: txqueuelen: RX bytes: (36.7 MiB) TX bytes: (1008.6 KiB)
命令如下:
[root@xuegod68 mnt]# ifconfig bond0 |awk -F "[ :]+" 'NR==2{print NR" "$4}' 192.168.1.123
统计apache日志单IP访问请求数排名
[root@xuegod68 mnt]# head - .txt 10.0.0.3 -- [/Mar/-::+]*GET/HTTP/1.1* *-* 10.0.0.3 -- [/Mar/-::+]*GET/HTTP/1.1* *-* 10.0.0.5 -- [/Mar/-::+]*GET/HTTP/1.1* *-* 10.0.0.3 -- [/Mar/-::+]*GET/HTTP/1.1* *-* 10.0.0.6 -- [/Mar/-::+]*GET/HTTP/1.1* *-*
第一种方法
[root@xuegod68 mnt]# awk '{print $1}' .txt |sort|uniq -c 10.0.0.3 10.0.0.4 10.0.0.5 10.0.0.6
第二种方法
[root@xuegod68 mnt]# awk '{array[$1]++} END {for(key in array) print key,array[key]}' 2.txt 10.0.0.3 35 10.0.0.4 5 10.0.0.5 10 10.0.0.6 10
统计域名访问量
[root@xuegod68 mnt]# cat .txt http://www.baidu.com/index.html http://www.163.com/1.html http://www.cnblogs.com/index.html http://www.baidu.com/2.html http://www.163.com/index.html http://www.qq.com/index.html http://www.baidu.com/3.html http://www.163.com/2.html http://www.baidu.com/2.html
第一种方法:
[root@xuegod68 mnt]# awk '{split($0,array,"/+");key=array[2];count[key]++}END{for(kk in count) print kk,count[kk]}' .txt www.qq.com www.cnblogs.com www.baidu.com www..com
第二种方法:
[root@xuegod68 mnt]# awk -F [/]+ '{array[$2]++} END {for(key in array) print key,array[key]}' .txt www.qq.com www.cnblogs.com www.baidu.com www..com
计算每个人的总工资和平均工资
[root@xuegod68 mnt]# cat .txt wodi 12k yingsui 15k jeacen 10k yideng 10k kuqi 8k xiaofen 6k wodi 11k yingsui 12k jeacen 4k kuqi 12k yideng 11k xiaofen 10k
命令如下:
[root@xuegod68 mnt]# awk '{array[$2]+=$3;count[$2]++}END{for(key in array) print key,array[key]"k",array[key]/count[key]}' 3.txt kuqi 20k 10 jeacen 14k 7 yingsui 27k 13.5 xiaofen 16k 8 wodi 23k 11.5 yideng 21k 10.5
对本地IP和远程IP去重并统计重复数
[root@xuegod68 mnt]# cat .txt Proto Recv-Q Send-Q Local Addree Foreign Addree State tcp 0.0.0.0: 0.0.0.0:* LISTEN tcp 115.29.49.213: 117.136.27.254: SYN_RECV tcp 115.29.49.213: 113.97.117.157: SYN_RECV tcp 115.29.49.213: 117.136.40.20: SYN_RECV tcp 115.29.49.213: 117.136.40.20: SYN_RECV tcp 115.29.49.213: 121.236.219.69: SYN_RECV tcp 0.0.0.0: 0.0.0.0:* LISTEN tcp 0.0.0.0: 0.0.0.0:* LISTEN unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK unix [] SYREAM CONNECTED /TMP/MYSQL.SOCK
命令如下:
[root@xuegod68 mnt]# awk -F "[ :]+" '/^tcp/{array[$3" "$5]++}END{for(key in array) print key,array[key]}' .txt 115.29.49.213 113.97.117.157 115.29.49.213 117.136.27.254 0.0.0.0 0.0.0.0 115.29.49.213 117.136.40.20 115.29.49.213 121.236.219.69
统计源IP,端口及目的IP同时去重
[root@xuegod68 mnt]# head - .txt Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 10.0.0.131:->210.192.121.172: on ixp7) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 10.0.0.131:->210.192.121.172: on ixp7) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 10.0.0.131:->210.192.121.172: on ixp7) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 10.0.0.131:->210.192.121.172: on ixp7) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 10.0.0.131:->210.192.121.172: on ixp7) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 10.0.0.43:->203.81.19.92: on ppp6) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (UDP 10.0.0.19:->121.14.96.233: on ppp0) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (UDP 172.16.1.103:->211.147.6.3: on ppp2) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 172.16.1.203:->61.135.163.86: on ixp7) [,] Dec :: 10.0.0.0 RV016 RGFW-OUT:ACCEPT (TCP 10.0.0.131:->210.192.121.172: on ixp7) [,]
命令如下:
[root@xuegod68 mnt]# vim .sh { split($,array,":|->") sip=array[] sport=array[] mip=array[] if (!((sip,sport,mip) in tree)){ tree[sip,sport,mip] = } } END{ for (key in tree) print key }
[root@xuegod68 mnt]# awk -f .sh .txt 172.16.1.10357318211.147.6. 10.0.0.191441121.14.96. 172.16.1.203437261.135.163. 10.0.0.4354963203.81.19. 10.0.0.1311227210.192.121.
美化效果如下:
[root@xuegod68 mnt]# cat 5.sh
BEGIN{
printf("%-16s %-6s %-16s\n","SIP","SPORT","MIP")
}
{
split($9,array,":|->")
sip=array[1]
sport=array[2]
mip=array[3]
if (!((sip,sport,mip) in tree)){
tree[sip,sport,mip] = 1
}
}
END{
for (key in tree){
split(key,out,SUBSEP)
printf("%-16s %-6s %-16s\n", out[1],out[2],out[3])
}
}
[root@xuegod68 mnt]# awk -f .sh .txt SIP SPORT MIP 172.16.1.103 211.147.6.3 10.0.0.19 121.14.96.233 172.16.1.203 61.135.163.86 10.0.0.43 203.81.19.92 10.0.0.131 210.192.121.172