下面的是详细的脚本,我简单的跑了一下没有问题,获取日志进行输出的部分是可以写成函数的,现在没时间,晚上回到家我将脚本改一下在上传,希望大家给出修改意见,因为我觉得这个脚本的效率不好,代码页比较混乱:
#!/usr/bin/perl
use strict;
use FindBin qw"$Bin";
use lib "$Bin/../lib";
my $root_dir = $Bin;
my $file = "$root_dir/1"; #all the message save in the file 1,you should change #the file name
my $line;
my @style;
open FILE, $file or die "cannot open file cause $@\n";
$line = <FILE>; #read the first line of the file
#save message part
if ($line =~ m/^\W?\-+messages\-+/) {
open LOG, ">>$root_dir/message" or die "cannot open file to write cause $@\n";
print LOG $line;
$line = <FILE>;
while ($line !~ m/^\W?\-+apache-log\-+/) {
print LOG $line;
$line = <FILE>;
}
close LOG;
}
#save apache-log part
if ($line =~ m/^\W?\-+apache-log\-+/) {
open LOG, ">>$root_dir/apache-log" or die "cannot open file to write cause $@\n";
print LOG $line;
$line = <FILE>;
while ($line !~ m/^\W?\#+/) {
print LOG $line;
$line = <FILE>;
}
close LOG;
}
#save mail-log part
if ($line =~ m/^\W?\#+/) {
open LOG, ">>$root_dir/mail-log" or die "cannot open file to write cause $@\n";
print LOG $line;
$line = <FILE>;
while (!eof) {
print LOG $line;
$line = <FILE>;
}
print LOG $line;
close LOG;
}
close FILE;
《代码完》
2011/1/10 cnhack TNT <cnhacktnt@gmail.com>
从你给出的log数据来看:[hostname_linux_a2] /home/user/script.sh
像以上这样的脚本运行记录是比较固定且和其他类型内容有区别的,所以可以用正则(假设主机名只包含字母,数字,下划线,点,横线):$line =~ /^\[([\w.-]+)\]\s*[^\s].*$/来进行匹配,此时 $1 匹配到 hostname_linux_a2, 你可以用一个hash,以匹配到的主机名作为key,在下一次该正则表达式匹配成功前,将通过fayland的代码得到的 message-log 或者 apachelog 之类的内容存进 hash 中,这样便如你所要求的一样按主机名分组了如果日志量大,不妨以组为单位格式化好你的数据进行输出,并清空这组涉及到的数组等数据,以免占用过多内存。2010/1/10 Gary.jsz <gary.jsz@gmail.com>
如果我的数据是这样的:--
[hostname_linux_a1] /home/user/script.sh
----------messages----------------
Jan 9 05:30:13 linux-lhkq sshd[5118]: Accepted keyboard-interactive/pam for root from 192.168.44.1 port 2394 ssh2
----------apache-log----------------
127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-" "ApacheBench/2.0.40-dev"
######################################################
###############mail-log###############################
Jan 3 19:21:17 linux-lhkq postfix/postfix-script: starting the Postfix mail system
[hostname_linux_a2] /home/user/script.sh
----------messages----------------
Jan 9 05:30:13 linux-lhkq sshd[5118]: Accepted keyboard-interactive/pam for root from 192.168.44.1 port 2394 ssh2
----------apache-log----------------
127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-" "ApacheBench/2.0.40-dev"
######################################################
###############mail-log###############################
Jan 3 19:21:17 linux-lhkq postfix/postfix-script: starting the Postfix mail system
[hostname_linux_a3] /home/user/script.sh
----------messages----------------
Jan 9 05:30:13 linux-lhkq sshd[5118]: Accepted keyboard-interactive/pam for root from 192.168.44.1 port 2394 ssh2
----------apache-log----------------
127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-" "ApacheBench/2.0.40-dev"
######################################################
###############mail-log###############################
Jan 3 19:21:17 linux-lhkq postfix/postfix-script: starting the Postfix mail system
多了一个:[hostname_linux_a3] /home/user/script.sh 行,中括号里面的是主机名,那么我如何按照主机命来分组这些信息。
比如: @hostname_linux_a1的内容为: [hostname_linux_a1] /home/user/script.sh
与[hostname_linux_a2] /home/user/script.sh 之间的数据。
======= 2011-01-06 18:03 Fayland Lam 您在来信中写到:Re: [PerlChina] 一个关于配置刷选的问题 =======
that's pretty simple like:
my $section_now;
my (@messages, @mail_log, @apache_log);
while (my $line = <$fh>) {
if ($line =~ /^(\-+)messages(\-+)$/) {
$section_now = 'messages'; next;
} elsif ($line =~ /^(\-+)apache\-log(\-+)$/) {
$section_now = 'apache-log'; next;
} elsif ($line =~ s/^(\#+)mail\-log(\#+)$/) {
$section_now = 'mail-log'; next;
}
next unless $section_now; # before ---messages---
next if $line =~ /^\#+$/; the ########## line
if ($section_now eq 'message') {
push @messages, $line;
} elsif ($section eq 'apache-log') {
push @apache_log, $line;
}
}
OK. untested. but basically the above should work for you.
Thanks
2011/1/6 Gary.jsz <gary.jsz@gmail.com>:
> 大家好!
>
> 有个问题比较疑惑,不知道怎么处理了,还请指点指点。
>
> 我有一个文件,内容如下:
>
> ----------messages----------------
> Jan 9 05:30:13 linux-lhkq sshd[5118]: Accepted keyboard-interactive/pam for
> root from 192.168.44.1 port 2394 ssh2
> Jan 9 06:01:25 linux-lhkq syslog-ng[3412]: STATS: dropped 0
> Jan 9 06:01:38 linux-lhkq zmd: ShutdownManager (WARN): Preparing to
> sleep...
> Jan 9 06:01:38 linux-lhkq zmd: ShutdownManager (WARN): Going to sleep,
> waking up at 01/10/2011 04:51:38
> Jan 9 06:31:00 linux-lhkq kernel: ISO 9660 Extensions: Microsoft Joliet
> Level 3
> Jan 9 06:31:00 linux-lhkq kernel: ISO 9660 Extensions: RRIP_1991A
> Jan 9 06:56:50 linux-lhkq shadow[9035]: group is unknown - group=wwwadmin,
> by=0
> Jan 9 06:56:50 linux-lhkq shadow[9036]: default group changed -
> account=wwwrun, uid=30, gid=8, old gid=8, by=0
> Jan 9 06:56:50 linux-lhkq shadow[9037]: shell changed - account=wwwrun,
> uid=30, shell=/bin/false, old shell=/bin/false, by=0
> Jan 9 07:01:25 linux-lhkq syslog-ng[3412]: STATS: dropped 0
>
>
> ----------apache-log----------------
> 127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-"
> "ApacheBench/2.0.40-dev"
> 127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-"
> "ApacheBench/2.0.40-dev"
> 127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-"
> "ApacheBench/2.0.40-dev"
> 127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-"
> "ApacheBench/2.0.40-dev"
> 127.0.0.1 - - [09/Jan/2011:07:00:06 +0800] "GET / HTTP/1.0" 403 1045 "-"
> "ApacheBench/2.0.40-dev"
> 127.0.0.1 - - [09/Jan/2011:07:00:16 +0800] "GET / HTTP/1.0" 403 1045 "-"
> "ApacheBench/2.0.40-dev"
>
>
> ######################################################
> ###############mail-log###############################
> Jan 3 19:21:17 linux-lhkq postfix/postfix-script: starting the Postfix mail
> system
> Jan 3 19:21:17 linux-lhkq postfix/master[4648]: daemon started -- version
> 2.2.9, configuration /etc/postfix
> Jan 4 14:16:41 linux-lhkq postfix/postfix-script: starting the Postfix mail
> system
> Jan 4 14:16:42 linux-lhkq postfix/master[4632]: daemon started -- version
> 2.2.9, configuration /etc/postfix
> Jan 4 15:52:46 linux-lhkq postfix/master[4632]: terminating on signal 15
> Jan 7 19:19:58 linux-lhkq postfix/postfix-script: starting the Postfix mail
> system
> Jan 7 19:19:59 linux-lhkq postfix/master[4628]: daemon started -- version
> 2.2.9, configuration /etc/postfix
> Jan 7 19:24:37 linux-lhkq postfix/master[4628]: terminating on signal 15
> Jan 9 05:01:32 linux-lhkq postfix/postfix-script: starting the Postfix mail
> system
> Jan 9 05:01:33 linux-lhkq postfix/master[4573]: daemon started -- version
> 2.2.9, configuration /etc/postfix
>
>
>
> 我想把各个块下面的内容输出到一个列表,不知道怎么操作。
>
> 结果如:
>
> @messages的内容是 messages段下面(apache-log上面)的内容
> @apache-log的内容为apache-log与mail-log之间的内容
> .......
>
>
>
> 先谢谢了!
>
> --
> 您收到此邮件是因为您订阅了 Google 网上论坛的"PerlChina Mongers 讨论组"论坛。
> 要向此网上论坛发帖,请发送电子邮件至 perlchina@googlegroups.com。
> 要取消订阅此网上论坛,请发送电子邮件至 perlchina+unsubscribe@googlegroups.com。
> 若有更多问题,请通过 http://groups.google.com/group/perlchina?hl=zh-CN 访问此网上论坛。
>
--
Fayland Lam // http://www.fayland.org/
--
您收到此邮件是因为您订阅了 Google 网上论坛的"PerlChina Mongers 讨论组"论坛。
要向此网上论坛发帖,请发送电子邮件至 perlchina@googlegroups.com。
要取消订阅此网上论坛,请发送电子邮件至 perlchina+unsubscribe@googlegroups.com。
若有更多问题,请通过 http://groups.google.com/group/perlchina?hl=zh-CN 访问此网上论坛。
.
= = = = = = = = = = = = = = = = = = = =
深圳市傲冠软件股份有限公司 运营部 蒋士竹
----------------------------------------------------------
Address: 深圳市福田区深南大道6015号本元大厦16楼 518040
Tel: (0)13816642255 MSN: gary.jsz@gmail.com
Email: jsz@skybility.com Website: www.skybility.com
您收到此邮件是因为您订阅了 Google 网上论坛的“PerlChina Mongers 讨论组”论坛。
要向此网上论坛发帖,请发送电子邮件至 perlchina@googlegroups.com。
要取消订阅此网上论坛,请发送电子邮件至 perlchina+unsubscribe@googlegroups.com。
若有更多问题,请通过 http://groups.google.com/group/perlchina?hl=zh-CN 访问此网上论坛。
--
您收到此邮件是因为您订阅了 Google 网上论坛的“PerlChina Mongers 讨论组”论坛。
要向此网上论坛发帖,请发送电子邮件至 perlchina@googlegroups.com。
要取消订阅此网上论坛,请发送电子邮件至 perlchina+unsubscribe@googlegroups.com。
若有更多问题,请通过 http://groups.google.com/group/perlchina?hl=zh-CN 访问此网上论坛。
--
nothing is impossible to a willing heart
您收到此邮件是因为您订阅了 Google 网上论坛的"PerlChina Mongers 讨论组"论坛。
要向此网上论坛发帖,请发送电子邮件至 perlchina@googlegroups.com。
要取消订阅此网上论坛,请发送电子邮件至 perlchina+unsubscribe@googlegroups.com。
若有更多问题,请通过 http://groups.google.com/group/perlchina?hl=zh-CN 访问此网上论坛。
博文
没有评论:
发表评论