使用awk命令评估 [英] Evaluating command with Awk

问题描述

的问题是：我在被登记为到达服务器的每个恶意分组的时间戳和IP地址不同txt文件。我想要做的就是创建另外一个txt文件显示，对于每一个IP，第一次一个恶意数据包到达。

在一般我想要做这样的事情：

 在file.txt的每一行
 如果（IP不在LIST.TXT present）
 复制时间戳和IP在LIST.TXT
 

我用awk做这件事。主要的问题是在LIST.TXT如果IP不是present。
我这样做：

  {a = $（grep的-w$ 3LIST.TXT | WC-C）;
    如果（A == 0）
   {
     #copy时间戳和IP在LIST.TXT
   }
 

（我使用$ 3，因为我的ip地址是在源文件中的第三列）。

我不知道如何使AWK评价grep的功能。我已经与反引号也试过，但没有奏效。有人可以给我一些暗示？

我测试我的剧本上的测试文件是这样的：

  10 192.168.1.1
11 192.168.1.2
12 192.165.2.4
13 122.11.22.11
13 192.168.1.1
13 192.168.1.2
13 122.11.22.11
14 122.11.22.11
15 122.11.22.11
15 122.11.22.144
15 122.11.2.11
15 122.11.22.111
 

我应该得到的是：

  10 192.168.1.1
11 192.168.1.2
12 192.165.2.4
13 122.11.22.11
15 122.11.22.144
15 122.11.2.11
15 122.11.22.111
 

感谢你的帮助，我在创造适合我的需要脚本succeded：

 的awk'
FILENAME == ARGV [1] {
    IP [$ 2] = 1
    下一个
}
！ （在IP $ 2）{
    打印$ 1，$ 2  - ;＆GT; ARGV [1]
    IP [$ 2] = 1
}
LIST.TXT file.txt的
 

解决方案

但真的是你想要做的就是让AWK先读LIST.TXT文件，然后再处理与内存中的数据LIST.TXT其他文件。这将允许您避免调用系统（）每行

我假设IP为LIST.TXT的第1列。

当你说复制时间戳和LIST.TXT IP ，我假设你想从file.txt的当前行一些信息附加到文件LIST.TXT

 的awk'
    FILENAME == ARGV [1] {
        IP [$ 1] = 1
        下一个
    }
    ！ （在IP $ 3）{
        打印$ 3，$（whatevever_column_holds_timestamp）GT;＆GT; ARGV [1]
    }
LIST.TXT file.txt的
 

---

中给出的样本文件，你的问题更新简化规定：

 的awk'！看到[$ 2] ++'文件名
 

会产生你已经看到了结果。这awk程序将打印该行如果IP尚未见过。

The problem is that: I have different txt files in which is registered a timestamp and an ip address for every malware packet that arrives to a server. What I want to do is create another txt file that shows, for every ip, the first time a malware packet arrives.

In general I want to do something like this :

for every  line in file.txt
 if (ip is not present in list.txt)
 copy timestamp and ip in list.txt

I'm using awk for doing it. The main problem is the "if ip is not present in list.txt". I'm doing this:

 {    a=$( grep -w "$3" list.txt | wc -c );
    if ( a == 0 )
   {
     #copy timestamp and ip in list.txt
   }

( i'm using $3 because the ip address is in the third column of the source file )

I don't know how to make awk evaluate the grep function. I've tried with backticks also but it didn't work. Someone could give me some hint?

I'm testing my script on test file like this:

10  192.168.1.1
11  192.168.1.2
12  192.165.2.4
13  122.11.22.11    
13  192.168.1.1
13  192.168.1.2
13  122.11.22.11
14  122.11.22.11
15  122.11.22.11
15  122.11.22.144
15  122.11.2.11
15  122.11.22.111

What should I obtain is:

10  192.168.1.1
11  192.168.1.2
12  192.165.2.4
13  122.11.22.11    
15  122.11.22.144
15  122.11.2.11
15  122.11.22.111

Thanks to your help I've succeded in creating the script that fits my needs :

awk '
FILENAME == ARGV[1] {
    ip[$2] = 1
    next
}
! ($2 in ip) {
    print $1, $2 >> ARGV[1]
    ip[$2] = 1
}
' list.txt file.txt 

解决方案

But really what you want to do is get awk to read the list.txt file first, then process the other file with the list.txt data in memory. This will allow you to avoid calling system() for each line.

I assume the ip is in the 1st column of list.txt.

When you say copy timestamp and ip in list.txt, I assume you want to append some info from the current line of file.txt to the list.txt file.

awk '
    FILENAME == ARGV[1] {
        ip[$1] = 1
        next
    }
    ! ($3 in ip) {
        print $3, $(whatevever_column_holds_timestamp) >> ARGV[1]
    }
' list.txt file.txt

---

Given the sample file and simplified requirements of your question update:

awk '! seen[$2]++' filename

will produce the results you've seen. That awk program will print the line if the IP has not yet been seen.

这篇关于使用awk命令评估的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！