1.简介 模式扫描和处理的语言,一般可作为格式化工具。
2.命令格式 awk [OPTIONS] 'script' fileawk [OPTIONS] -f scriptfile file
3.示例 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 777/rpcbind tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1075/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1409/master tcp 0 0 127.0.0.1:17380 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 127.0.0.1:17400 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 127.0.0.1:17221 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 1133/tinyproxy tcp 0 0 127.0.0.1:17131 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 0.0.0.0:9080 0.0.0.0:* LISTEN 2625/WorkerMan: mas tcp 0 0 127.0.0.1:8899 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 127.0.0.1:17033 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 127.0.0.1:15640 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 127.0.0.1:15538 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 127.0.0.1:15445 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 0.0.0.0:8090 0.0.0.0:* LISTEN 1412/phpstudy tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 1080/redis-server * tcp 0 0 127.0.0.1:15329 0.0.0.0:* LISTEN 2497/nginx: master tcp 0 0 127.0.0.1:5538 0.0.0.0:* LISTEN 2478/php-fpm: maste tcp 0 0 192.168.31.208:51704 192.168.31.221:9200 ESTABLISHED 1067/metricbeat tcp 0 0 192.168.31.208:22 192.168.31.151:59684 ESTABLISHED 5894/sshd: root@pts tcp 0 0 192.168.31.208:22 192.168.31.151:63547 ESTABLISHED 7573/sshd: root@pts tcp 0 0 127.0.0.1:8090 127.0.0.1:55354 ESTABLISHED 1412/phpstudy tcp 0 0 127.0.0.1:55354 127.0.0.1:8090 ESTABLISHED 1193/phpstudy tcp6 0 0 ::1:25 :::* LISTEN 1409/master tcp6 0 0 :::3306 :::* LISTEN 2433/mysqld tcp6 0 0 :::111 :::* LISTEN 777/rpcbind tcp6 0 0 :::22 :::* LISTEN 1075/sshd tcp6 0 0 :::21 :::* LISTEN 1112/vsftpd tcp6 0 0 :::9100 :::* LISTEN 764/node_exporter tcp6 0 0 :::6379 :::* LISTEN 1080/redis-server * tcp6 0 0 192.168.31.208:9100 192.168.31.222:35232 ESTABLISHED 764/node_exporter udp 0 0 0.0.0.0:111 0.0.0.0:* 777/rpcbind udp 0 0 127.0.0.1:323 0.0.0.0:* 824/chronyd udp 0 0 0.0.0.0:935 0.0.0.0:* 777/rpcbind udp 0 0 192.168.31.208:59713 111.230.189.174:123 ESTABLISHED 824/chronyd udp6 0 0 :::111 :::* 777/rpcbind udp6 0 0 ::1:323 :::* 824/chronyd udp6 0 0 :::935 :::* 777/rpcbind raw6 213504 0 :::58 :::* 7 805/NetworkManager
以上是文件原始内容
1 # awk '{print $1, $4, $5}' data.txt
该命令作用是打印第1、4、5列,包含标题(即不区分是否标题)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 Proto Local Address tcp 0.0.0.0:111 0.0.0.0:* tcp 0.0.0.0:80 0.0.0.0:* tcp 0.0.0.0:22 0.0.0.0:* tcp 127.0.0.1:25 0.0.0.0:* tcp 127.0.0.1:17380 0.0.0.0:* tcp 127.0.0.1:17400 0.0.0.0:* tcp 127.0.0.1:17221 0.0.0.0:* tcp 0.0.0.0:8888 0.0.0.0:* tcp 127.0.0.1:17131 0.0.0.0:* tcp 0.0.0.0:9080 0.0.0.0:* tcp 127.0.0.1:8899 0.0.0.0:* tcp 127.0.0.1:17033 0.0.0.0:* tcp 127.0.0.1:15640 0.0.0.0:* tcp 127.0.0.1:15538 0.0.0.0:* tcp 127.0.0.1:15445 0.0.0.0:* tcp 0.0.0.0:8090 0.0.0.0:* tcp 0.0.0.0:6379 0.0.0.0:* tcp 127.0.0.1:15329 0.0.0.0:* tcp 127.0.0.1:5538 0.0.0.0:* tcp 192.168.31.208:51704 192.168.31.221:9200 tcp 192.168.31.208:22 192.168.31.151:59684 tcp 192.168.31.208:22 192.168.31.151:63547 tcp 127.0.0.1:8090 127.0.0.1:55354 tcp 127.0.0.1:55354 127.0.0.1:8090 tcp6 ::1:25 :::* tcp6 :::3306 :::* tcp6 :::111 :::* tcp6 :::22 :::* tcp6 :::21 :::* tcp6 :::9100 :::* tcp6 :::6379 :::* tcp6 192.168.31.208:9100 192.168.31.222:35232 udp 0.0.0.0:111 0.0.0.0:* udp 127.0.0.1:323 0.0.0.0:* udp 0.0.0.0:935 0.0.0.0:* udp 192.168.31.208:59713 111.230.189.174:123 udp6 :::111 :::* udp6 ::1:323 :::* udp6 :::935 :::* raw6 :::58 :::*
1 # awk '{printf "%-10s %-22s %-32s \n", $1, $4, $5}' data.txt
该命令作用同上一条,只是进行了格式化
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 Proto Local Address tcp 0.0.0.0:111 0.0.0.0:* tcp 0.0.0.0:80 0.0.0.0:* tcp 0.0.0.0:22 0.0.0.0:* tcp 127.0.0.1:25 0.0.0.0:* tcp 127.0.0.1:17380 0.0.0.0:* tcp 127.0.0.1:17400 0.0.0.0:* tcp 127.0.0.1:17221 0.0.0.0:* tcp 0.0.0.0:8888 0.0.0.0:* tcp 127.0.0.1:17131 0.0.0.0:* tcp 0.0.0.0:9080 0.0.0.0:* tcp 127.0.0.1:8899 0.0.0.0:* tcp 127.0.0.1:17033 0.0.0.0:* tcp 127.0.0.1:15640 0.0.0.0:* tcp 127.0.0.1:15538 0.0.0.0:* tcp 127.0.0.1:15445 0.0.0.0:* tcp 0.0.0.0:8090 0.0.0.0:* tcp 0.0.0.0:6379 0.0.0.0:* tcp 127.0.0.1:15329 0.0.0.0:* tcp 127.0.0.1:5538 0.0.0.0:* tcp 192.168.31.208:51704 192.168.31.221:9200 tcp 192.168.31.208:22 192.168.31.151:59684 tcp 192.168.31.208:22 192.168.31.151:63547 tcp 127.0.0.1:8090 127.0.0.1:55354 tcp 127.0.0.1:55354 127.0.0.1:8090 tcp6 ::1:25 :::* tcp6 :::3306 :::* tcp6 :::111 :::* tcp6 :::22 :::* tcp6 :::21 :::* tcp6 :::9100 :::* tcp6 :::6379 :::* tcp6 192.168.31.208:9100 192.168.31.222:35232 udp 0.0.0.0:111 0.0.0.0:* udp 127.0.0.1:323 0.0.0.0:* udp 0.0.0.0:935 0.0.0.0:* udp 192.168.31.208:59713 111.230.189.174:123 udp6 :::111 :::* udp6 ::1:323 :::* udp6 :::935 :::* raw6 :::58 :::*
不打印标题(即不打印第一行)
1 # awk 'NR!=1 {printf "%-10s %-22s %-32s \n", $1, $4, $5}' data.txt
内置变量
1 2 3 4 5 6 7 8 9 10 $0 当前记录(这个变量中存放着整个行的内容) $1~$n 当前记录的第n个字段,字段间由FS分隔 FS 输入字段分隔符 默认是空格或Tab NF 当前记录中的字段个数,就是有多少列 NR 已经读出的记录数,就是行号,从1开始,如果有多个文件话,这个值也是不断累加中。 FNR 当前记录数,与NR不同的是,这个值会是各个文件自己的行号 RS 输入的记录分隔符, 默认为换行符 OFS 输出字段分隔符, 默认也是空格 ORS 输出的记录分隔符,默认为换行符 FILENAME 当前输入文件的名字
1 # awk '$1=="tcp" && $6=="ESTABLISHED" || NR==1 {printf "%-10s %-22s %-22s %-16s %-30s \n", $1, $4, $5, $6, $7}' data.txt
该命令作用为,匹配第1列为”tcp”,并且第6列为”ESTABLISHED”,或者行号为1的行(即包含标题),然后进行格式化输出
1 2 3 4 5 6 Proto Local Address Foreign Address tcp 192.168.31.208:51704 192.168.31.221:9200 ESTABLISHED 1067/metricbeat tcp 192.168.31.208:22 192.168.31.151:59684 ESTABLISHED 5894/sshd: tcp 192.168.31.208:22 192.168.31.151:63547 ESTABLISHED 7573/sshd: tcp 127.0.0.1:8090 127.0.0.1:55354 ESTABLISHED 1412/phpstudy tcp 127.0.0.1:55354 127.0.0.1:8090 ESTABLISHED 1193/phpstudy
高级用法和原理见资料
4.资料