awk简单使用

先展示一下数据

$ cat netstat.txt
Proto Recv-Q Send-Q Local-Address          Foreign-Address             State
tcp        0      0 0.0.0.0:3306           0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:80             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:9000         0.0.0.0:*                   LISTEN
tcp        0      0 coolshell.cn:80        124.205.5.146:18245         TIME_WAIT
tcp        0      0 coolshell.cn:80        61.140.101.185:37538        FIN_WAIT2
tcp        0      0 coolshell.cn:80        110.194.134.189:1032        ESTABLISHED
tcp        0      0 coolshell.cn:80        123.169.124.111:49809       ESTABLISHED
tcp        0      0 coolshell.cn:80        116.234.127.77:11502        FIN_WAIT2
tcp        0      0 coolshell.cn:80        123.169.124.111:49829       ESTABLISHED
tcp        0      0 coolshell.cn:80        183.60.215.36:36970         TIME_WAIT
tcp        0   4166 coolshell.cn:80        61.148.242.38:30901         ESTABLISHED
tcp        0      1 coolshell.cn:80        124.152.181.209:26825       FIN_WAIT1
tcp        0      0 coolshell.cn:80        110.194.134.189:4796        ESTABLISHED
tcp        0      0 coolshell.cn:80        183.60.212.163:51082        TIME_WAIT
tcp        0      1 coolshell.cn:80        208.115.113.92:50601        LAST_ACK
tcp        0      0 coolshell.cn:80        123.169.124.111:49840       ESTABLISHED
tcp        0      0 coolshell.cn:80        117.136.20.85:50025         FIN_WAIT2
tcp        0      0 :::22                  :::*                        LISTEN

展示第5列数据和第6列数据

命令:

1	$ awk '{print $5,$6}' OFS="\t" netstat.txt

OFS是指定分隔符为\t

效果:

Foreign-Address State
0.0.0.0:*       LISTEN
0.0.0.0:*       LISTEN
0.0.0.0:*       LISTEN
124.205.5.146:18245     TIME_WAIT
61.140.101.185:37538    FIN_WAIT2
110.194.134.189:1032    ESTABLISHED
123.169.124.111:49809   ESTABLISHED
116.234.127.77:11502    FIN_WAIT2
123.169.124.111:49829   ESTABLISHED
183.60.215.36:36970     TIME_WAIT
61.148.242.38:30901     ESTABLISHED
124.152.181.209:26825   FIN_WAIT1
110.194.134.189:4796    ESTABLISHED
183.60.212.163:51082    TIME_WAIT
208.115.113.92:50601    LAST_ACK
123.169.124.111:49840   ESTABLISHED
117.136.20.85:50025     FIN_WAIT2

过滤数据

比如过滤数据(下面过滤条件为：第三列的值为0 && 第6列的值为LISTEN)

命令:

1	$ awk '$3==0 && $6=="LISTEN" ' netstat.txt

其中的“==”为比较运算符。其他比较运算符：!=, >, <, >=, <=

效果:

$ awk '$3==0 && $6=="LISTEN" ' netstat.txt
tcp        0      0 0.0.0.0:3306               0.0.0.0:*              LISTEN
tcp        0      0 0.0.0.0:80                 0.0.0.0:*              LISTEN
tcp        0      0 127.0.0.1:9000             0.0.0.0:*              LISTEN
tcp        0      0 :::22                      :::*                   LISTEN

查询第三列数据大于0的

命令:

1	$ awk '$3 >0 {print $0}' netstat.txt

{print $0}

效果:

$ awk ' $3>0 {print $0}' netstat.txt
Proto Recv-Q Send-Q Local-Address          Foreign-Address             State
tcp        0   4166 coolshell.cn:80        61.148.242.38:30901         ESTABLISHED
tcp        0      1 coolshell.cn:80        124.152.181.209:26825       FIN_WAIT1
tcp        0      1 coolshell.cn:80        208.115.113.92:50601        LAST_ACK

字符串匹配

第六列匹配FIN

命令:

1	$ awk '$6 ~ /FIN/ \|\| NR==1 {print NR,$4,$5,$6}' OFS="\t" netstat.txt

NR==1 是添加表头和行号其实 ~ 表示模式开始。/ /中是模式。这就是一个正则表达式的匹配。

效果:

$ awk '$6 ~ /FIN/ || NR==1 {print NR,$4,$5,$6}' OFS="\t" netstat.txt
1       Local-Address   Foreign-Address State
6       coolshell.cn:80 61.140.101.185:37538    FIN_WAIT2
9       coolshell.cn:80 116.234.127.77:11502    FIN_WAIT2
13      coolshell.cn:80 124.152.181.209:26825   FIN_WAIT1
18      coolshell.cn:80 117.136.20.85:50025     FIN_WAIT2

其实awk可以像grep一样的去匹配第一行，就像这样：

$ awk '/LISTEN/' netstat.txt
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN
tcp        0      0 :::22

折分文件

按第6例拆分文件

命令:

1	$ awk 'NR!=1{print > $6}' netstat.txt

NR!=1 是不带表头和行号

效果:

将netstat.txt按照第六列进行拆分,拆分出多个文件

$ awk 'NR!=1{print > $6}' netstat.txt

$ ls
ESTABLISHED  FIN_WAIT1  FIN_WAIT2  LAST_ACK  LISTEN  netstat.txt  TIME_WAIT

$ cat ESTABLISHED
tcp        0      0 coolshell.cn:80        110.194.134.189:1032        ESTABLISHED
tcp        0      0 coolshell.cn:80        123.169.124.111:49809       ESTABLISHED
tcp        0      0 coolshell.cn:80        123.169.124.111:49829       ESTABLISHED
tcp        0   4166 coolshell.cn:80        61.148.242.38:30901         ESTABLISHED
tcp        0      0 coolshell.cn:80        110.194.134.189:4796        ESTABLISHED
tcp        0      0 coolshell.cn:80        123.169.124.111:49840       ESTABLISHED

$ cat FIN_WAIT1
tcp        0      1 coolshell.cn:80        124.152.181.209:26825       FIN_WAIT1

$ cat FIN_WAIT2
tcp        0      0 coolshell.cn:80        61.140.101.185:37538        FIN_WAIT2
tcp        0      0 coolshell.cn:80        116.234.127.77:11502        FIN_WAIT2
tcp        0      0 coolshell.cn:80        117.136.20.85:50025         FIN_WAIT2

$ cat LAST_ACK
tcp        0      1 coolshell.cn:80        208.115.113.92:50601        LAST_ACK

$ cat LISTEN
tcp        0      0 0.0.0.0:3306           0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:80             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:9000         0.0.0.0:*                   LISTEN
tcp        0      0 :::22                  :::*                        LISTEN

$ cat TIME_WAIT
tcp        0      0 coolshell.cn:80        124.205.5.146:18245         TIME_WAIT
tcp        0      0 coolshell.cn:80        183.60.215.36:36970         TIME_WAIT
tcp        0      0 coolshell.cn:80        183.60.212.163:51082        TIME_WAIT

也可以把指定的列输出到文件

例如:将第四列的数据和第五列的数据按照第六拆分后,写入到新文件中

1	$ awk 'NR!=1{print $4,$5 > $6}' ODS="\t" netstat.txt

效果:

$  cat TIME_WAIT
coolshell.cn:80  124.205.5.146:18245
coolshell.cn:80  183.60.215.36:36970
coolshell.cn:80  183.60.212.163:51082