Eliminate middle lines using sed

1

I have the following log format

2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[60944]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:13-05:00 ServerABC sshd[1367]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:14-05:00 ServerABC sshd[36061]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:17+00:00 ServerABC sshd[31616]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2

I have been using the command below to parse it. However, I can't get rid of the "[ID: 800047 dns.info]"

Is there an easier way to use sed to eliminate the middle line?

grep -E '(Accepted|for JohnBlezard)' testing.txt | grep "JohnBlezard from" | awk '{print $2, $5, $7, $9, $11}'

The expected result should be as follows

[ServerABC] [password] [JohnBlezard] [IP Address] 

But after parsing, I'm noticing that on some lines it comes out as

[ServerABC] [ID 800047] [Accepted] [for] [from]
    
by John Blezard 26.03.2018 / 15:35

3 answers

0

You can remove those lines with grep -v

From man grep

       -v, --invert-match
          Invert the sense of matching, to select non-matching lines.  (-v is specified by POSIX.)

So

$ cat test
2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[60944]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:13-05:00 ServerABC sshd[1367]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:14-05:00 ServerABC sshd[36061]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:17+00:00 ServerABC sshd[31616]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2

Expected result

$ grep -E '(Accepted|for JohnBlezard)' test | grep -v "\[ID" | grep "JohnBlezard from" | awk '{print $2, $5, $7, $9, $11}'
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
    
by 26.03.2018 / 16:09
1

With a single awk command:

awk '/Accepted .+ for JohnBlezard/{ 
         if ($4 == "[ID") { $5 = $8; $7 = $10; $9 = $12; $11 = $14 }
         print $2, $5, $7, $9, $11
     }' test.txt

The output:

ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
ServerABC password JohnBlezard 192.168.1.1 81111
    
by 26.03.2018 / 16:00
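An added example, not part of the original answers: instead of fixed column numbers, this variant finds the fields relative to the "Accepted" token, so the optional "[ID ...]" tag cannot shift them and no login event is dropped. The function names parse_accepted and sample_log are hypothetical, and the sample lines are constructed from the shapes shown in the question.

```shell
# parse_accepted USER [FILE...]
# Print "[host] [method] [user] [ip]" for each sshd "Accepted" line.
# USER may be empty to report every account.
parse_accepted() {
    want=$1
    if [ $# -gt 0 ]; then shift; fi
    awk -v want="$want" '
    {
        for (i = 1; i <= NF; i++) {
            if ($i != "Accepted") continue
            # Expected tail: Accepted <method> for <user> from <ip> port <port>
            if ($(i+2) != "for" || $(i+4) != "from" || $(i+6) != "port") {
                # Report lines that do not fit instead of printing shifted fields
                print "unparsed: " $0 > "/dev/stderr"
                next
            }
            if (want == "" || $(i+3) == want)
                printf "[%s] [%s] [%s] [%s]\n", $2, $(i+1), $(i+3), $(i+5)
            next
        }
    }' "$@"
}

# Constructed sample: plain line, line with the [ID ...] tag, a failed login.
sample_log() {
    cat <<'EOF'
2017-12-22T23:32:07-05:00 ServerABC sshd[22549]: Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:07-05:00 ServerABC sshd[1787]: [ID 800047 dns.info] Accepted password for JohnBlezard from 192.168.1.1 port 81111 ssh2
2017-12-22T23:32:09-05:00 ServerABC sshd[1790]: Failed password for JohnBlezard from 192.168.1.1 port 81111 ssh2
EOF
}

sample_log | parse_accepted JohnBlezard
```

Lines that contain "Accepted" but do not match the expected layout go to stderr, so a format change in the log shows up as a warning rather than as silently wrong columns.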
0

You can try with this sed

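sed -E '
 # save the original line in the hold space
 h
  # strip everything up to "sshd[pid]: " plus any "[ID ...] " tag
  s/(.*: (\[[^\]*\] )*)//
  # keep only the first six words of the message
  s/(( *[^ ]*){6})(.*)/\1/
  # keep every second word, wrapped in brackets
  s/( *[^ ]* )([^ ]*)/[\2] /g
 # swap back to the original line and keep only the host name
 x
  s/([^ ]* )([^ ]*).*/ [\2]/
 # append the bracketed fields and join the two lines
 G
  y/\n/ /
' infile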
    
by 26.03.2018 / 17:37
