4-数据工具

ssh        通过命令远程访问计算机

ssh tsp journalctl    //查看系统日志，tsp是远程连接的计算机名称
ssh tsp journalctl | grep ssh    //查看日志后，只选择有ssh的
ssh tsp journalctl | grep ssh | grep "disconnected from"    //整个日志文件通过网络传到电脑，然        后通过本地选出只带ssh的，再进行挑选带有“disconnected from”的
ssh tsp 'journalctl | grep ssh | grep "disconnected from" ' | less    //通过服务器进行数据挑选，less命令可以进行分页查看
ssh tsp 'journalctl | grep ssh | grep "disconnected from" ' > ssh.log    //存到本地的ssh.log文件中
cat ssh.log | less    //

 sed

cat ssh.log | sed 's/.*Disconnected from//' | less    //
cat ssh.log | sed 's/.*Disconnected from//' | less -head -n5    //提取前五行
echo 'aba' | sed 's/[ab]//'    //ba
echo 'bba' | sed 's/[ab]//'    //ba
echo 'bba' | sed 's/[ab]//g'    //
echo 'bbac' | sed 's/[ab]//g'    //c
echo 'bcbzac' | sed 's/[ab]//g'    //czc
echo 'abcaba' | sed 's/\(ab\)*//g'    //a
echo 'abcaba' | sed -E 's/(ab)*//g'    //a
echo 'abcabac' | sed -E 's/(ab|bc)*//g'    //cc
echo 'abcabbc' | sed -E 's/(ab|bc)*//g'    //c

.*         //greedy

echo 'Disconnected form invalid user Disconnected from 84.211' | sed 's/.*Disconnected from //'    //84.211 Disconnected form invalid user Disconnected from 都删除了，匹配了两次
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user .*[0-9]+ port [0-9]+( \[preauth\])?$//'
//正则表达式打锚点（^和$），（|）是指的两个可以替换，后面的？表示0或1次
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user （.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | wc -l    ///\2/是指（）
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user （.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort    //排序
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user （.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq    //排序，其中重复的只进行一次打印
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user （.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c        //排序，计算重复行次数并消除重复行
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user （.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c | sort -nk1,1 | tail - n10    //n用于数字排序，k可以选择输入中以空格为分隔符的咧来执行排序，

awk

cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user （.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c | awk '$1 == 1 && $2 ~ /^c.*e$/ {print $0}' | wc -l
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user （.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c | awk 'BEGIN { row = 0 } $1 == 1 && $2 ~ /^c.*e$/ {rows += 1} END { print rows }'

bc

echo '1+2' | bc -l