AIX:使用grep命令从文件中记录的两行 [英] AIX: using grep command to log two lines from a file
问题描述
基本上甲骨文审核条目
/oracle/SBX/saptrace/audit/
这些文件的条目看起来是这样的:
The entries of these files looks something like this :
Tue Jul 2 08:41:53 2013 +02:00
LENGTH : '159'
ACTION :[6] 'COMMIT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'orasbx'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1854349635'
Tue Jul 2 08:41:53 2013 +02:00
LENGTH : '159'
ACTION :[6] 'COMMIT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'orasbx'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1854349635'
Tue Jul 2 08:42:16 2013 +02:00
LENGTH : '222'
ACTION :[68] 'update SAPPRD.USR02 set uflag=64 where BNAME='CANAS' and MANDT='000''
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'orasbx'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1854349635'
现在我在crontab中安排一个shell脚本为它每三个小时运行。
Now i have schedule a shell script in crontab for it to run every three hours.
脚本是这样的:
#/bin/sh
grep -i USR02 /oracle/SBX/saptrace/audit/*.aud > /EDB/log/check_audit_dest.log
grep -i USH02 /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i TCURR /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i REGUH /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i LFB1 /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.log
grep -i LFA1 /oracle/SBX/saptrace/audit/*.aud >> /EDB/log/check_audit_dest.logs
这是什么脚本,如果有任何操作是这些表是日志行成 /EDB/log/check_audit_dest.log
这样的:
# cat /EDB/log/check_audit_dest.log
/oracle/SBX/saptrace/audit/sbx_ora_13828348_1.aud:ACTION :[68] 'update SAPPRD.USR02 set uflag=64 where BNAME='CANAS' and MANDT='000''
/oracle/SBX/saptrace/audit/sbx_ora_8847374_1.aud:ACTION :[67] 'update SAPPRD.USR02 set uflag=0 where BNAME='CANAS' and MANDT='000''
现在我要的是除了该行我也希望每个条目的第一行被记录在日志文件(例如:周二7月2日八时42分16秒2013 +02:00
)。
Now what i want is apart from that line i also want first line of every entry to be log in that log file(for example:Tue Jul 2 08:42:16 2013 +02:00
).
感谢您
推荐答案
由于您发布的样本输入,你需要的是:
Given the sample input you posted, all you need is:
$ awk -v RS= -F'\n' '/USR02|USH02|TCURR|REGUH|LFB1|LFA1/ {print FILENAME, $1, $3}' file
file Tue Jul 2 08:42:16 2013 +02:00 ACTION :[68] 'update SAPPRD.USR02 set uflag=64 where BNAME='CANAS' and MANDT='000''
如果不做到这一点,发布一些更重presentative输入和预期的输出。
If that doesn't do it, post some more representative input and expected output.
由fedorqui要求如下说明
Explanation as requested below by fedorqui
-
RS =
=>记录由空行分隔 -
-F的'\\ n'
=>记录中字段由换行符分隔 -
/ USR02 | USH02 | TCURR | REGUH | LFB1 | LFA1 /
=>找记载,
包含任何的|
- 分隔字符串 -
打印文件名,$ 30,$ 90
=>打印当前文件的名称,以及第1和第3行/当前记录的字段,一号线作为日期和第三为的动作。
RS=
=> records are separated by blank lines-F'\n'
=> fields within a record are separated by newlines/USR02|USH02|TCURR|REGUH|LFB1|LFA1/
=> look for records that contain any of the|
-separated stringsprint FILENAME, $1, $3
=> print the name of the current file, and the 1st and 3rd lines/fields of the current record, the 1st line being the date and the 3rd being the ACTION.
这篇关于AIX:使用grep命令从文件中记录的两行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!