head -1 update.u_log.20131217.txt
123.122.180.129 - - [17/Dec/2013:00:00:19 +0800] "GET /index.php?s=2 HTTP/1.1" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; QQDownload 735; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
Find the access records after 16/Dec/2013:17:26:31 on that day
cat update.u_log.20131216.txt | awk '{time = substr($4,2);if(time > "16/Dec/2013:17:26:31" && time < "17/Dec/2013:00:00:00") print $0;}' > update.u_log.20131217_bak.txt
Replace 16/Dec with 17/Dec
cat update.u_log.20131217_bak.txt | awk '{sub(/16\/Dec/,"17/Dec")}{print $0}' > update.u_log.20131217_bak1.txt
Append the result to the other file
cat update.u_log.20131217_bak1.txt >> update.u_log.20131217.txt
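The filter step above compares timestamps as plain strings, which is only safe because both bounds fall on the same day: 17/Dec sorts after 16/Dec, but 01/Jan/2014 sorts before both. As an added example (not part of the original post), the script below converts each timestamp to a sortable key first, so the window may cross midnight or a month boundary; the function names logwindow and sample_log and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). POSIX awk only, no gawk mktime().

# sample_log: constructed access-log lines, including one truncated record.
sample_log() {
    cat <<'EOF'
192.0.2.1 - - [16/Dec/2013:17:26:31 +0800] "GET /a HTTP/1.1" 200 10 "-" "-"
192.0.2.1 - - [16/Dec/2013:23:59:58 +0800] "GET /b HTTP/1.1" 200 10 "-" "-"
192.0.2.1 - - [17/Dec/2013:00:00:19 +0800] "GET /index.php?s=2 HTTP/1.1" 404 570 "-" "-"
truncated line
192.0.2.1 - - [01/Jan/2014:00:00:05 +0800] "GET /c HTTP/1.1" 200 10 "-" "-"
EOF
}

# logwindow START END [FILE...]: print lines with START < time < END.
# Bounds use the log's own format; assumes all lines share one UTC offset.
logwindow() {
    lw_start=$1; lw_end=$2; shift 2
    awk -v lo_ts="$lw_start" -v hi_ts="$lw_end" '
    # dd/Mon/yyyy:HH:MM:SS -> yyyymmddHHMMSS, which sorts chronologically.
    function key(ts,    p, m) {
        if (split(ts, p, "[/:]") != 6 || length(p[2]) != 3) return ""
        m = index("JanFebMarAprMayJunJulAugSepOctNovDec", p[2])
        if (m == 0 || (m - 1) % 3) return ""     # not a month name
        return sprintf("%04d%02d%02d%02d%02d%02d",
                       p[3], (m + 2) / 3, p[1], p[4], p[5], p[6])
    }
    BEGIN {
        lo = key(lo_ts); hi = key(hi_ts)
        if (lo == "" || hi == "") exit 2          # unparsable bound
    }
    {
        k = key(substr($4, 2))                    # $4 is "[17/Dec/2013:00:00:19"
        if (k == "") { bad++; next }              # count it, do not guess
        if (k > lo && k < hi) print
    }
    END { if (bad) printf "skipped %d unparsable line(s)\n", bad > "/dev/stderr" }
    ' "$@"
}

# Window crossing midnight and a month/year boundary.
sample_log | logwindow "16/Dec/2013:17:26:31" "01/Jan/2014:00:00:10"
```

Unparsable records are counted on stderr rather than silently dropped, so a truncated or damaged log is noticed when slicing it.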
Some other awk substitution and matching examples, reposted
[[email protected] test]# cat awk
1a 9,100.34
1b 1,999.00
1c 5,656.55
[[email protected] test]# awk '{sub(/1/,"test")}{print "\n",$1,$2}' awk
testa 9,100.34
testb 1,999.00
testc 5,656.55
[[email protected] test]# awk '{gsub(/1/,"test")}{print "\n",$1,$2}' awk
testa 9,test00.34
testb test,999.00
testc 5,656.55
[[email protected] test]# awk '{sub(/[0-9]+/,"")}{print "\n",$1,$2}' awk
a 9,100.34
b 1,999.00
c 5,656.55
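Print $1 only when it contains exactly 4 characters
awk '$1~/^....$/{print $1}' file
Seen at http://bbs.linuxtone.org/thread-17620-1-1.html; noting it down to learn from. It works, but the time does not match my system time.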
[[email protected] test]# cat awk
1a 9,100.34 dkjfjkdkjf 45 lopo
1b 1,999.00 dgfg 456 ll
1c 5,656.55 fghgf 465 df
[[email protected] test]# awk '{$2=strftime("%F %T",$2);print $1,$2,$3 >"bbb.txt";print $1,$2,$4 >"ccc.txt"}' awk
[[email protected] test]# cat bbb.txt
1a 1969-12-31 16:00:09 dkjfjkdkjf
1b 1969-12-31 16:00:01 dgfg
1c 1969-12-31 16:00:05 fghgf
[[email protected] test]# date
Wed Dec 14 22:49:28 PST 2011
[[email protected] test]# cat ccc.txt
1a 1969-12-31 16:00:09 45
1b 1969-12-31 16:00:01 456
1c 1969-12-31 16:00:05 465
[[email protected] test]# date
Wed Dec 14 23:07:09 PST 2011
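Problem solved: removing the $2 from {$2=strftime("%F %T",$2) gives the correct format. See the figure below.
A file whose column count varies: if a line has 5 columns, take the first 4; if it has 6 columns, take the first 5
Print when the first column is greater than 2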
tail -1000 /var/log/syslog-ng/messages.log | awk '{print $3,$0}' |awk -F: '$1$2$3 > 193000 && $1$2$3 < 194000 { print $1$2$3,$0}'
For reference only
cat /var/log/syslog-ng/messages.log | awk '{print $3,$0}' |awk -F: '$1$2$3 > 193000 && $1$2$3 < 194000 { print $1$2$3,$0}'
A simpler method
Match 10 o'clock to 11 o'clock
cat /var/log/messages | grep "[1][0-1]:..:.." |tail -100
Match 1 o'clock
cat /var/log/messages | grep "[0][1]:..:.." |tail -300
Use both space and : as field separators
cat /var/log/messages |awk -F"[ ]|:" '$3==10 {print} '