1.1 find查找命令
1、find命令说明
1. Linux find命令用来在指定目录下查找文件。
2. 任何位于参数之前的字符串都将被视为欲查找的目录名。
3. 如果使用该命令时,不设置任何参数,则find命令将在当前目录下查找子目录与文件。
-name # 按文件名查找
-size # 按文件大小查找
-perm # 按权限查找
-mtime n # 查找n天内修改内容的文件
-mmin n # 查找n分钟内修改内容的文件
2、find常用查找方法
# 查找当前目录下大于9M的文件详细信息
[root@linux-node1 /]# find . -size +9M | xargs ls -lh
-rw-r--r-- 1 root root 24M Jul 7 04:18 ./aaa/Python-3.7.0/libpython3.7m.a
-rwxr-xr-x 1 root root 14M Jul 7 04:19 ./aaa/Python-3.7.0/Programs/_testembed
-rwxr-xr-x 1 root root 14M Jul 7 04:18 ./aaa/Python-3.7.0/python
-rw-r--r-- 1 root root 22M Jul 6 23:53 ./aaa/Python-3.7.0.tgz
-rw-------. 1 root root 47M Jan 7 2019 ./boot/initramfs-0-rescue-8b956f09fe0549c4b6182589acceab30.img
-rw-------. 1 root root 21M Jan 7 2019 ./boot/initramfs-3.10.0-514.el7.x86_64.img
-rw-------. 1 root root 14M Jan 7 2019 ./boot/initramfs-3.10.0-514.el7.x86_64kdump.img
find . -size +9M | xargs ls -lh : 查找当前目录下大于9M的文件详细信息
[root@linux-node1 /]# find . -type f -name "*.log" -size +1M -exec cp -av {} /tmp \;
cp: ‘./tmp/audit.log’ and ‘/tmp/audit.log’ are the same file
cp: ‘./tmp/journal.log’ and ‘/tmp/journal.log’ are the same filefind . -type f -name "*.log" -size +1M -exec cp -av {} /tmp \; :查找当前目录下以 .log 结尾且大于5M的文件,并复制到/tmp目录下
[root@linux-node1 /]# find /var -mtime +3 -mtime -5
/var/tmp
/var/lib/yum/yumdb/l
/var/lib/yum/yumdb/l/f20daac8f6b3893e42be72af22a5118848f
find /var -mtime +3 -mtime -5 :在/var下查找更改时间在三天到五天的文件
[root@linux-node1 /]# find . -mmin +1 -mmin -3
./aa.py
find . -mmin +1 -mmin -3 :查找当前文件夹下1分钟前3分钟内修改的文件
1.2 grep指令
1、grep指令说明
1. grep命令是一种强大的文本搜索工具,它能使用正则表达式搜索文本,并把匹 配的行打印出来
2. grep搜索成功,则返回0,如果搜索不成功,则返回1,如果搜索的文件不存在,则返回2。
^linux # 以linux开头的行
$php # 以php结尾的行
. # 匹配任意单字符
.+ # 匹配任意多个字符
.* # 匹配0个或多个字符(可有可无)
[0-9a-z] # 匹配中括号内任意一个字符
[abc] # 表示匹配一个字符,这个字符必须是abc中的一个。
(linux)+ # 出现多次Linux单词
(web){2} # web出现两次以上
\ # 屏蔽转义
2、grep常用查找方法
[root@linux-node1 /]# grep -n 'root' /etc/passwd
1:root:x:0:0:root:/root:/bin/bash
10:operator:x:11:0:operator:/root:/sbin/nologin
grep -n 'root' /etc/passwd :查找/etc/passwd下包含 root字符串的文件
[root@linux-node1 /]# grep -Ev "root|nologin" /etc/passwd
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
grep -Ev "root|nologin" /etc/passwd :查找不包含root和nologin关键字的行
[root@linux-node1 /]# grep "root" /etc/{passwd,shadow}
/etc/passwd:root:x:0:0:root:/root:/bin/bash
/etc/passwd:operator:x:11:0:operator:/root:/sbin/nologingrep "root" /etc/{passwd,shadow}:查找/etc/passwd和/etc/shadow文件中包含root关键字的行
[root@linux-node1 /]# grep -c root /etc/passwd
2
grep -c root /etc/passwd :统计/etc/passwd文件中包含root字符串行的数量
3、grep其他用法
[root@linux-node1 ~]# grep -E -v "^$|^#" /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
grep -E -v "^$|^#" /etc/nginx/nginx.conf : 去除空号和以#号开头的行
[root@linux-node1 ~]# seq 1 20 |grep -m 5 -E '[0-9]{2}'
10
11
12
13
14seq 1 20 |grep -m 5 -E '[0-9]{2}' :输出匹配的前五个结果
[root@linux-node1 ~]# seq 1 20 |grep -c -E '[0-9]{2}'
11seq 1 20 |grep -c -E '[0-9]{2}' :输出匹配多少行
[root@linux-node1 ~]# echo "a bc de" |xargs -n1 |grep '^b'
bc
echo "a bc de" |xargs -n1 |grep '^b' :匹配以字符串"b"开头的行
[root@linux-node1 ~]# echo "a ab abc abcd abcde" |xargs -n1 |grep -n 'de$'
5:abcde
echo "a ab abc abcd abcde" |xargs -n1 |grep -n 'de$' :匹配以"de"字符串结尾的行
[root@linux-node1 ~]# grep -r 'sshd' /etc --include *.conf
/etc/sestatus.conf:/usr/sbin/sshd
/etc/sestatus.conf:/usr/sbin/sshd
grep -r 'sshd' /etc --include *.conf :递归搜索/etc 目录下包含 "sshd"字符串 的 conf 后缀文件
[root@linux-node1 ~]# seq 41 45 |grep -E '4[12]'
41
42
seq 41 45 |grep -E '4[12]' :匹配41/42数字
1.3 sed流编辑器,过滤和替换文本
1、sed指令说明
1. sed 命令将当前处理的行读入模式空间进行处理,处理完把结果输出,并清空模式空间。
2. 然后再将下一行读入模式空间进行处理输出,以此类推,直到最后一行。
3. 还有一个暂存空间,可以暂时存放一些处理的数据,但不能直接输出,只能放到模式空间输出。
4. 这两个空间其实就是在内存中初始化的一个内存区域,存放正在处理的数据和临时存放的数据
-n # 只列出sed处理的哪一行内容
-e # 直接在sed模式上进行sed动作编辑
-f # 直接将sed动作写在一个文件内
-r # 让sed指令支持扩展的正则表达式
'''1. 常用选项 '''
-n # 不打印模式空间
-e # 执行脚本、表达式来处理
-f # 执行动作从文件读取执行
-i # 修改原文件
-r # 使用扩展正则表达式 '''2. 常用命令 '''
s/regexp/replacement/ # 替换字符串
p # 打印当前模式空间
P # 打印模式空间的第一行
d # 删除模式空间,开始下一个循环
D # 删除模式空间的第一行,开始下一个循环
= # 打印当前行号
a \text # 当前行追加文本
i \text # 当前行上面插入文本
c \text # 所选行替换新文本
q # 立即退出 sed 脚本
r # 追加文本来自文件
w filename # 写入当前模式空间到文件
! # 取反、 否定 '''3. 常用地址 '''
$ # 匹配最后一行
/regexp/ # 正则表达式匹配行
number # 只匹配指定行
addr1,addr2 # 开始匹配 addr1 行开始,直接 addr2 行结束
addr1,+N # 从 addr1 行开始,向后的 N 行
addr1,~N # 从 addr1 行开始,到 N 行结束
sed指令参数详解
2、sed常用方法
[root@linux-node1 aaa]# nl /etc/passwd | sed '2,5d'
1 root:x:0:0:root:/root:/bin/bash
6 sync:x:5:0:sync:/sbin:/bin/sync
7 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
8 halt:x:7:0:halt:/sbin:/sbin/halt
9 mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
10 operator:x:11:0:operator:/root:/sbin/nologin
nl /etc/passwd | sed '2,5d' :将2~5行内容删除,然后打印到屏幕上
[root@linux-node1 aaa]# nl /etc/passwd | sed '2,5c "new content"'
1 root:x:0:0:root:/root:/bin/bash
"new content"
6 sync:x:5:0:sync:/sbin:/bin/sync
7 shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
8 halt:x:7:0:halt:/sbin:/sbin/halt
9 mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
10 operator:x:11:0:operator:/root:/sbin/nologin
nl /etc/passwd | sed '2,5c "new content"' :将2~5行的内容替换成字符串 "new content"
[root@linux-node1 aaa]# nl /etc/passwd | sed '/root/d'
2 bin:x:1:1:bin:/bin:/sbin/nologin
3 daemon:x:2:2:daemon:/sbin:/sbin/nologin
4 adm:x:3:4:adm:/var/adm:/sbin/nologin
5 lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
6 sync:x:5:0:sync:/sbin:/bin/sync
nl /etc/passwd | sed '/root/d' :删除/etc/passwd所包含root的行
[root@linux-node1 aaa]# nl /etc/passwd | sed -e '3,$d' -e 's/root/mewusername/'
1 mewusername:x:0:0:root:/root:/bin/bash
2 bin:x:1:1:bin:/bin:/sbin/nologin -e '3,$d' # 删除/etc/passwd第三行到末尾的数据
-e 's/root/nuwusername/' # 将搜索到的内容 root替换成 newusername
nl /etc/passwd | sed -e '3,$d' -e 's/root/mewusername/' :提取到前两行数据,并将 root替换成 newusername
3、sed匹配打印
[root@linux-node1 ~]# tail /etc/services |sed -n '/^blp5/p'
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
tail /etc/services |sed -n '/^blp5/p' :打印匹配 blp5 开头的行
[root@linux-node1 ~]# tail /etc/services |sed -n '1p'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
tail /etc/services |sed -n '1p' :打印第一行
[root@linux-node1 ~]# tail /etc/services |sed -n '1,3p'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
tail /etc/services |sed -n '1,3p' :打印第一行至第三行
[root@linux-node1 ~]# seq 10 |sed -n '1~2p'
1
3
5
7
9
seq 10 |sed -n '1~2p' :打印奇数行
[root@linux-node1 ~]# tail /etc/services |sed -n '$p'
matahari 49000/tcp # Matahari Broker
tail /etc/services |sed -n '$p' :打印最后一行
[root@linux-node1 ~]# tail /etc/services |sed -n '$!p'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
tail /etc/services |sed -n '$!p' :不打印最后一行
[root@linux-node1 ~]# tail /etc/services |sed -n '/^blp5/,/^com/p'
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
tail /etc/services |sed -n '/^blp5/,/^com/p' :匹配以"blp5开头"到"com开头"的所有行
[root@linux-node1 ~]# tail /etc/services |sed -n '/blp5/,$p'
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
tail /etc/services |sed -n '/blp5/,$p' :匹配以"blp5"开头行到最后一行
[root@linux-node1 ~]# a=1
[root@linux-node1 ~]# tail /etc/services |sed -n "$a,3p"
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
tail /etc/services |sed -n "$a,3p" :引用系统变量,用引号
4、sed匹配删除
[root@linux-node1 ~]# tail /etc/services |sed '/blp5/d'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
tail /etc/services |sed '/blp5/d' : 删除包含"blp5"的行
[root@linux-node1 ~]# tail /etc/services |sed '1d'
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
tail /etc/services |sed '1d' : 删除第一行
[root@linux-node1 ~]# tail /etc/services |sed '1~2d'
isnetserv 48128/tcp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
iqobject 48619/tcp # iqobject
matahari 49000/tcp # Matahari Broker
tail /etc/services |sed '1~2d' :删除第一到第二行
[root@linux-node1 ~]# sed '/^#/d;/^$/d' /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
sed '/^#/d;/^$/d' /etc/nginx/nginx.conf :去除空格或开头#号的行
5、sed匹配替换
[root@linux-node1 ~]# tail /etc/services |sed 's/blp5/test/'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
test 48129/tcp # Bloomberg locator
test 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
tail /etc/services |sed 's/blp5/test/' :替换 blp5 字符串为 test
[root@linux-node1 ~]# tail /etc/services |sed -n 's/^blp5/test/p'
test 48129/tcp # Bloomberg locator
test 48129/udp # Bloomberg locator
tail /etc/services |sed -n 's/^blp5/test/p' :替换开头是 blp5 的字符串并打印
[root@linux-node1 ~]# tail /etc/services |sed 's/48049/&.0/'
3gpp-cbsp 48049.0/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
tail /etc/services |sed 's/48049/&.0/' :使用&命令引用匹配内容并替换
[root@linux-node1 ~]# tail /etc/services | sed '1,4s/blp5/test/'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
test 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
iqobject 48619/tcp # iqobject
iqobject 48619/udp # iqobject
tail /etc/services | sed '1,4s/blp5/test/' :将1到4行的"blp5"替换成"test"
[root@linux-node1 ~]# tail /etc/services | sed '/48129\/tcp/s/blp5/test/'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
test 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
iqobject 48619/tcp # iqobject
iqobject 48619/udp # iqobject
matahari 49000/tcp # Matahari Broker
tail /etc/services | sed '/48129\/tcp/s/blp5/test/' : 匹配"48129/tcp"并将此行的"blp5"替换成"test"
[root@linux-node1 ~]# tail /etc/services |sed -e '1,2d' -e 's/blp5/test/'
isnetserv 48128/udp # Image Systems Network Services
test 48129/tcp # Bloomberg locator
test 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw [root@linux-node1 ~]# tail /etc/services |sed '1,2d;s/blp5/test/' # 也可以使用分好分隔
isnetserv 48128/udp # Image Systems Network Services
test 48129/tcp # Bloomberg locator
test 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
iqobject 48619/tcp # iqobject
tail /etc/services |sed -e '1,2d' -e 's/blp5/test/' : 删除前两行并将"blp5"替换成"test"
6、sed添加新内容
i: 匹配行上面添加
a: 匹配航下面添加
c: 将匹配航替换成新内容
[root@linux-node1 ~]# tail /etc/services |sed '/blp5/i \test' #在 blp5 上一行添加 test
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
test
blp5 48129/tcp # Bloomberg locator
test
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
tail /etc/services |sed '/blp5/i \test' :在 blp5 上一行添加 test
[root@linux-node1 ~]# tail /etc/services |sed '/blp5/a \test' # 在 blp5 下一行添加 test
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locator
test
blp5 48129/udp # Bloomberg locator
test
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
tail /etc/services |sed '/blp5/a \test' :在 blp5 下一行添加 test
[root@linux-node1 ~]# tail /etc/services |sed '/blp5/c \test'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
test
test
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
tail /etc/services |sed '/blp5/c \test' :匹配"blp5"的行替换成"test"
[root@linux-node1 ~]# tail /etc/services |sed '2a \test'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
test
isnetserv 48128/udp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locator
tail /etc/services |sed '2a \test' : 在第二行下面添加"test"
7、文本操作
1 2 3
4 5 6
7 8 9
vim a.txt : 编写一个测试文件
[root@linux-node1 ~]# tail /etc/services |sed '/blp5/r a.txt'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
isnetserv 48128/udp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locator
1 2 3
4 5 6
7 8 9
blp5 48129/udp # Bloomberg locator
1 2 3
4 5 6
7 8 9
com-bardac-dw 48556/tcp # com-bardac-dw
com-bardac-dw 48556/udp # com-bardac-dw
iqobject 48619/tcp # iqobject
iqobject 48619/udp # iqobject
matahari 49000/tcp # Matahari Broker
tail /etc/services |sed '/blp5/r a.txt' : 将文件读取追加到匹配行下面
[root@linux-node1 ~]# tail /etc/services |sed '/blp5/w b.txt' #只有下面两行被写入
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
tail /etc/services |sed '/blp5/w b.txt' :将匹配行写入"b.txt"
1.4 awk指令
1、awk指令说明
1. awk是一种编程语言,用于在linux下对文本和数据进行处理
2. awk的处理文件和数据处理方式是逐行扫描,寻找到匹配的行,并在这些行上进行你想要的操作
3. 如果没有指定处理动作,则把匹配的行显示到屏幕上
// # 匹配代码块,可以是字符串或正则表达式
{} # 命令代码块,包含一条或多条命令
$0 # 表示整个当前行
$1 # 每行第一个字段
NF # 字段数量变量
NR # 每行的记录号,多文件记录递增
/[0-9][0-9]+/ # 两个或两个以上数字
/[0-9][0-9]*/ # 一个或一个以上数字
-F'[:#/]' # 定义三个分隔符
FNR # 与NR类似,不过多文件记录不递增,每个文件都从1开始
\t # 制表符
\n # 换行符
FS # BEGIN时定义分隔符
RS # 输入的记录分隔符, 默认为换行符(即文本是按一行一行输入)
~ # 匹配,与==相比不是精确比较
!~ # 不匹配,不精确比较
== # 等于,必须全部相等,精确比较
!= # 不等于,精确比较
&& # 逻辑与
|| # 逻辑或
+ # 匹配时表示1个或1个以上
2、awk常用指令
[root@linux-node1 aaa]# cat /etc/passwd |awk -F ':' '{print $1}'
root
bin
daemon
adm
-F ':' # 使用 ":" 来分隔
'{print $1}' # 打印第一列的数据cat /etc/passwd |awk -F ':' '{print $1}' :以冒号为分隔打印第一列数据
[root@linux-node1 aaa]# cat /etc/passwd | awk -F ':' '{print $1"\t"$7}'
root /bin/bash
bin /sbin/nologin
daemon /sbin/nologin
adm /sbin/nologin
lp /sbin/nologin
sync /bin/sync
'{print $1"\t"$7}' # 打印第一列和第七列数据,并以制表符分隔cat /etc/passwd | awk -F ':' '{print $1"\t"$7}' :打印第一列和第七列数据,并以制表符分隔
[root@linux-node1 aaa]# awk -F ':' '/root/{print $1}' /etc/passwd
root
operatorawk -F ':' '/root/{print $1}' /etc/passwd :搜索/etc/passwd有root关键字的所有行,只显示第一行
[root@linux-node1 aaa]# w|awk 'NR==1{print $6}'
2w|awk 'NR==1{print $6}' :显示第一行第六列的数据
[root@linux-node1 aaa]# awk -F: 'NR==5 || NR==6{print}' /etc/passwd
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/syncawk -F: 'NR==5 || NR==6{print}' /etc/passwd :打印第五行和第六行数据
[root@linux-node1 aaa]# awk '!/mysql/' /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
awk '!/mysql/' /etc/passwd : 匹配所有 不包含 "mysql"关键字的行
[root@linux-node1 aaa]# awk '/mysql|mail/{print}' /etc/passwd
mail:x:8:12:mail:/var/spool/mail:/sbin/nologinawk '/mysql|mail/{print}' /etc/passwd : 匹配包含mysql 或者 mail的行
3、awk基本语法
[root@linux-node1 ~]# tail -n3 /etc/services |awk -F'[ /]+' '{print $2}' # 以空格或斜线分隔
48619
48619
49000tail -n3 /etc/services |awk -F'[ /]+' '{print $2}' :以"空格"或"斜线"分隔
[root@linux-node1 ~]# awk -v a=123 'BEGIN{print a}'
123awk -v a=123 'BEGIN{print a}' : 变量赋值
[root@linux-node1 ~]# tail -n3 /etc/services |awk 'BEGIN{print "服务\t\t端口\t\t\t描述"}{print $0}END{print "===结束==="}'
服务 端口 描述
iqobject 48619/tcp # iqobject
iqobject 48619/udp # iqobject
matahari 49000/tcp # Matahari Broker
===结束===tail -n3 /etc/services |awk 'BEGIN{print "服务\t\t端口\t\t\t描述"}{print $0}END{print "===结束==="}' :BEGIN{} END{}结合使用
4、正则匹配
[root@linux-node1 ~]# tail /etc/services |awk '/^blp5/{print $0}'
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locatortail /etc/services |awk '/^blp5/{print $0}' :匹配开头是 blp5 的行
[root@linux-node1 ~]# tail /etc/services |awk '/^[a-z0-9]{8} /{print $0}'
iqobject 48619/tcp # iqobject
iqobject 48619/udp # iqobject
matahari 49000/tcp # Matahari Brokertail /etc/services |awk '/^[a-z0-9]{8} /{print $0}' :匹配第一个字段是 8 个字符的行
[root@linux-node1 ~]# tail /etc/services |awk '/blp5/ || /tcp/{print $0}'
3gpp-cbsp 48049/tcp # 3GPP Cell Broadcast Service Protocol
isnetserv 48128/tcp # Image Systems Network Services
blp5 48129/tcp # Bloomberg locatortail /etc/services |awk '/blp5/ && /tcp/{print $0}' :匹配记录中包含 blp5 或 tcp 的行
[root@linux-node1 ~]# awk '! /^#/ && ! /^$/{print $0}' /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;awk '! /^#|^$/' /etc/nginx/nginx.conf :不匹配开头是#和空行
[root@linux-node1 ~]# tail /etc/services |awk '/^blp5/,/^com/'
blp5 48129/tcp # Bloomberg locator
blp5 48129/udp # Bloomberg locator
com-bardac-dw 48556/tcp # com-bardac-dw
tail /etc/services |awk '/^blp5/,/^com/' :匹配以 "blp5开头" 到 "com开头" 之间的所有行
5、NF
[root@linux-node1 ~]# echo "a b c d e f" |awk '{print NF}'
6echo "a b c d e f" |awk '{print NF}' :打印行数
[root@linux-node1 ~]# echo "a b c d e f" |awk '{print $1}'
aecho "a b c d e f" |awk '{print $1}' :打印第一行
[root@linux-node1 ~]# echo "a b c d e f" |awk '{print $NF}' : 打印最后一行
fecho "a b c d e f" |awk '{print $NF}' : 打印最后一行
[root@linux-node1 ~]# echo "a b c d e f" |awk '{print $(NF-1)}' :打印倒数第二行
eecho "a b c d e f" |awk '{print $(NF-1)}' :打印倒数第二行
[root@linux-node1 ~]# echo "a b c d e f" |awk '{$NF="";$(NF-1)="";print $0}' :排除最后两个字段
a b c d echo "a b c d e f" |awk '{$NF="";$(NF-1)="";print $0}' :排除最后两个字段
6、NR
[root@linux-node1 ~]# tail -n5 /etc/services |awk '{print NR,$0}' :打印行号+内容
1 com-bardac-dw 48556/tcp # com-bardac-dw
2 com-bardac-dw 48556/udp # com-bardac-dw
3 iqobject 48619/tcp # iqobjecttail -n5 /etc/services |awk '{print NR,$0}' :打印行号+内容
[root@linux-node1 ~]# tail -n5 /etc/services |awk 'NR==3{print $2}' :打印第三行第二列的值
48619/tcptail -n5 /etc/services |awk 'NR==3{print $2}' :打印第三行第二列的值
[root@linux-node1 ~]# tail -n5 /etc/services |awk 'NR<=3{print NR,$0}' :打印前三行
1 com-bardac-dw 48556/tcp # com-bardac-dw
2 com-bardac-dw 48556/udp # com-bardac-dw
3 iqobject 48619/tcp # iqobjecttail -n5 /etc/services |awk 'NR<=3{print NR,$0}' :打印前三行
7、操作符
'''在 awk 中,有 3 种情况表达式为假:数字 0,空字符串和未定义的值'''
[root@linux-node1 ~]# awk 'BEGIN{n=0;if(n)print "true";else print "false"}'
[root@linux-node1 ~]# awk 'BEGIN{s="";if(s)print "true";else print "false"}'
[root@linux-node1 ~]# awk 'BEGIN{if(s)print "true";else print "false"}'
awk三种为假的情况 :数字 0,空字符串和未定义的值
[root@linux-node1 ~]# seq 3 |awk '{print $0*2}' : 乘法
2
4
6seq 3 |awk '{print $0*2}' : 乘法
[root@linux-node1 ~]# seq 3 |awk '{print $0/2}' :除法
0.5
1
1.5seq 3 |awk '{print $0/2}' :除法
[root@linux-node1 ~]# seq 5 |awk '$0%2==0{print $0}' :取余
2
4seq 5 |awk '$0%2==0{print $0}' :取余
[root@linux-node1 ~]# seq 5 |shuf |awk '{print $0|"sort"}' :先打乱再排序
1
2
3
4
5seq 5 |shuf |awk '{print $0|"sort"}' :先打乱再排序
8、流程控制 (if 语句 )
if (condition) statement [ else statement ]
[root@linux-node1 ~]# seq 5 |awk '{if($1==3)print $0}' :如果第一列的值等于3,打印出来
3seq 5 |awk '{if($1==3)print $0}' :如果第一列的值等于3,打印出来
[root@linux-node1 ~]# echo "123abc#456cde 789aaa#aaabbb aaaa#eee666eeee " |xargs -n1 |awk -F# '{if($2~/[0-9]/)print $2}' # $2~/[0-9]/ (如果第二行匹配到数字就打印)
456cde
eee666eeeeif+正则匹配
[root@linux-node1 ~]# seq 5 |awk '{if($0==3)print $0;else print "no"}' :双分支if
no
no
3
no
noseq 5 |awk '{if($0==3)print $0;else print "no"}' :双分支if
[root@linux-node1 ~]# awk 'BEGIN{a["a"]=123}END{if("a" in a)print "yes"}' < /dev/null :判断数组成员
yesawk 'BEGIN{a["a"]=123}END{if("a" in a)print "yes"}' < /dev/null :判断数组成员
[root@linux-node1 ~]# awk 'BEGIN{print 1==1?"yes":"no"}' :三目运算符
yesawk 'BEGIN{print 1==1?"yes":"no"}' :三目运算符
9、多分支if、for循环、while语句
1 2 3
4 5 6
7 8 9
vim file : 编辑一个测试文件
[root@linux-node1 ~]# awk '{i=1;while(i<=NF){print $i;i++}}' file
1
2
3
4
5
6
7
8
9awk '{i=1;while(i<=NF){print $i;i++}}' file :遍历文件内容
[root@linux-node1 ~]# awk '{for(i=1;i<=NF;i++)print $i}' file
1
2
3
4
5
6
7
8
9awk '{for(i=1;i<=NF;i++)print $i}' file :for循环遍历
[root@linux-node1 ~]# awk '{for(i=NF;i>=1;i--)print $i}' file
3
2
1
6
5
4
9
8
7awk '{for(i=NF;i>=1;i--)print $i}' file :倒序打印
[root@linux-node1 ~]# awk 'BEGIN{for(i=1;i<=5;i++){if(i==3){break};print i}}'
1
2awk 'BEGIN{for(i=1;i<=5;i++){if(i==3){break};print i}}' :break语句
[root@linux-node1 ~]# awk 'BEGIN{for(i=1;i<=5;i++){if(i==3){continue};print i}}'
1
2
4
5awk 'BEGIN{for(i=1;i<=5;i++){if(i==3){continue};print i}}' :continue语句
10、数组
[root@linux-node1 ~]# awk 'BEGIN{a[0]="test";print a[0]}'
testawk 'BEGIN{a[0]="test";print a[0]}' :自定义数组
[root@linux-node1 ~]# tail -n5 /etc/passwd |awk -F: '{a[NR]=$1}END{for(v in a)print a[v],v}'
saltapi 4
nginx 5
sshd 1
chrony 2
tcpdump 3tail -n5 /etc/passwd |awk -F: '{a[NR]=$1}END{for(v in a)print a[v],v}' :for循环遍历数组
[root@linux-node1 ~]# tail /etc/services |awk '{a[$1]++}END{for(v in a)print a[v],v}'
2 com-bardac-dw
1 3gpp-cbsp
2 iqobject
1 matahari
2 isnetserv
2 blp5tail /etc/services |awk '{a[$1]++}END{for(v in a)print a[v],v}' :统计相同字段出现次数
[root@linux-node1 ~]# netstat -antp |awk '/^tcp/{a[$6]++}END{for(v in a)print a[v],v}'
11 LISTEN
3 ESTABLISHEDnetstat -antp |awk '/^tcp/{a[$6]++}END{for(v in a)print a[v],v}' :统计 TCP 连接状态(并发数)
[root@linux-node1 ~]# tail /etc/services |awk '{a[$1]++}END{for(v in a) if(a[v]>=2){print a[v],v}}'
2 com-bardac-dw
2 iqobject
2 isnetserv
2 blp5tail /etc/services |awk '{a[$1]++}END{for(v in a) if(a[v]>=2){print a[v],v}}' :只打印出现次数大于等于 2 的