ssh 通过命令远程访问计算机
ssh tsp journalctl //查看系统日志,tsp是远程连接的计算机名称
ssh tsp journalctl | grep ssh //查看日志后,只选择有ssh的
ssh tsp journalctl | grep ssh | grep "Disconnected from" //整个日志先通过网络传到本地电脑,然后在本地筛选出带 ssh 的行,再从中挑出带 "Disconnected from" 的行(grep 区分大小写,sshd 日志里是大写 D)
ssh tsp 'journalctl | grep ssh | grep "Disconnected from" ' | less //筛选在服务器上完成,只把结果传回本地;less 命令可以分页查看
ssh tsp 'journalctl | grep ssh | grep "Disconnected from" ' > ssh.log //存到本地的ssh.log文件中
cat ssh.log | less //
sed
cat ssh.log | sed 's/.*Disconnected from//' | less //
cat ssh.log | sed 's/.*Disconnected from//' | head -n5 //提取前五行
echo 'aba' | sed 's/[ab]//' //ba
echo 'bba' | sed 's/[ab]//' //ba
echo 'bba' | sed 's/[ab]//g' //
echo 'bbac' | sed 's/[ab]//g' //c
echo 'bcbzac' | sed 's/[ab]//g' //czc
echo 'abcaba' | sed 's/\(ab\)*//g' //ca
echo 'abcaba' | sed -E 's/(ab)*//g' //ca
echo 'abcabac' | sed -E 's/(ab|bc)*//g' //cac
echo 'abcabbc' | sed -E 's/(ab|bc)*//g' //c
.* //greedy
echo 'Disconnected from invalid user Disconnected from 84.211' | sed 's/.*Disconnected from //' //输出 84.211:.* 是贪婪匹配,会一直匹配到最后一个 "Disconnected from ",前面的 "Disconnected from invalid user " 也一并被删除。用户名由登录方任意填写,可能本身就含有 "Disconnected from",所以提取字段时要用 ^ 和 $ 把整行锚定
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user .*[0-9]+ port [0-9]+( \[preauth\])?$//'
//正则表达式加锚点(^ 匹配行首,$ 匹配行尾);(a|b) 表示两者任选其一,后面的 ? 表示前一项出现 0 次或 1 次
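cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user (.*) [^ ]+ port [0-9]+( \[preauth\])?$/\2/' | wc -l //\2 指第二个捕获组 (.*),也就是用户名;wc -l 统计行数。地址字段要用 [^ ]+:IP 里有点号(IPv6 有冒号),[0-9]+ 匹配不上,整行不匹配时 sed 会原样输出该行。下面沿用同一正则的命令也要这样改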
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user (.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort //排序
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user (.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq //排序,其中重复的只进行一次打印
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user (.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c //排序,计算重复行次数并消除重复行
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user (.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c | sort -nk1,1 | tail -n10 //-n 按数值排序,-k1,1 只按以空白分隔的第 1 列排序;tail -n10 取最后 10 行,即出现次数最多的 10 个用户名
awk
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user (.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c | awk '$1 == 1 && $2 ~ /^c.*e$/ {print $0}' | wc -l
cat ssh.log | sed -E 's/^.*Disconnected from (invalid |authenticating )?user (.*) [0-9]+ port [0-9]+( \[preauth\])?$/\2/' | sort | uniq -c | awk 'BEGIN { rows = 0 } $1 == 1 && $2 ~ /^c.*e$/ {rows += 1} END { print rows }'
bc
echo '1+2' | bc -l