目录
1.时间戳
2.实例
1.首先创建ubuntu.log日志
2.写dem.awk创建规则
3.筛选
1.时间戳
一个能表示一份数据在某个特定时间之前已经存在的、 完整的、 可验证的数据,通常是一个字符序列,唯一地标识某一刻的时间。
awk提供了mktime()函数,它可以将时间转换成epoch时间值。
root@ubuntu1:~# awk 'BEGIN{print mktime("2023 08 03 09 12 40")}'
1691025160
可以取得日志中的时间字符串部分,再将它们的年、月、日、时、分、秒都取出来,然后放入mktime()构建成对应的epoch值。因为epoch值是数值,所以可以比较大小,从而决定时间的大小。
2.实例
下面实现的是将2019-11-10T03:42:40+08:00 格式的字符串转换成 epoch 值,然后和 which_time 比较大小,既可以筛选出精确到秒的日志。
操作过程
1.首先创建ubuntu.log日志
[2023-08-03T01:47:20.491Z] [ message] [vmsvc] [653] VMware Tools Version: 12.1.5.39265 (build-20735119)
[2023-08-03T01:47:20.493Z] [ message] [vmsvc] [653] Guest OS details: architecture='X86' bitness='64' distroName='Ubuntu 22.04.2 LTS' distroVersion='22.04' familyName='Linux' kernelVersion='5.19.0-50-generic' prettyName='Ubuntu 22.04.2 LTS'
[2023-08-03T01:47:20.491Z] [ message] [vmsvc] [653] Log caching is enabled with maxCacheEntries=4096.
[2023-08-03T01:47:20.493Z] [ message] [vmsvc] [653] Core dump limit set to -1
[2023-08-03T01:47:20.616Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'hgfsServer', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.616Z] [ message] [vmtoolsd] [653] Plugin 'hgfsServer' initialized.
[2023-08-03T01:47:20.616Z] [ message] [vix] [653] QueryVGAuthConfig: vgauth usage is: 1
[2023-08-03T01:47:20.616Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'vix', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.616Z] [ message] [vmtoolsd] [653] Plugin 'vix' initialized.
[2023-08-03T01:47:20.616Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'appInfo', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.616Z] [ message] [vmtoolsd] [653] Plugin 'appInfo' initialized.
[2023-08-03T01:47:20.616Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'componentMgr', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.616Z] [ message] [vmtoolsd] [653] Plugin 'componentMgr' initialized.
[2023-08-03T01:47:20.616Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'guestInfo', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.616Z] [ message] [vmtoolsd] [653] Plugin 'guestInfo' initialized.
[2023-08-03T01:47:20.616Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'powerops', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.616Z] [ message] [vmtoolsd] [653] Plugin 'powerops' initialized.
[2023-08-03T01:47:20.616Z] [ message] [resolutionCommon] [653] resolutionCheckForKMS: dlopen succeeded.
[2023-08-03T01:47:20.617Z] [ message] [resolutionCommon] [653] resolutionCheckForKMS: System support available for resolutionKMS.
[2023-08-03T01:47:20.617Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'resolutionKMS', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.617Z] [ message] [vmtoolsd] [653] Plugin 'resolutionKMS' initialized.
[2023-08-03T01:47:20.618Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'timeSync', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.618Z] [ message] [vmtoolsd] [653] Plugin 'timeSync' initialized.
[2023-08-03T01:47:20.618Z] [ message] [vmsvc] [653] Cannot load message catalog for domain 'vmbackup', language 'zh', catalog dir '/usr/share/open-vm-tools'.
[2023-08-03T01:47:20.618Z] [ message] [vmtoolsd] [653] Plugin 'vmbackup' initialized.
[2023-08-03T01:47:20.644Z] [ message] [vix] [653] VixTools_ProcessVixCommand: command 62
[2023-08-03T01:47:22.065Z] [ message] [vix] [653] VixTools_ProcessVixCommand: command 62
[2023-08-03T01:47:22.066Z] [ message] [vix] [653] ToolsDaemonTcloReceiveVixCommand: command 62, additionalError = 17
[2023-08-03T01:47:22.067Z] [ message] [vmsvc] [653] Executing script for state change 'OS_PowerOn'.
[2023-08-03T01:47:22.067Z] [ message] [powerops] [653] Executing script: '/etc/vmware-tools/poweron-vm-default'
[2023-08-03T01:47:24.440Z] [ message] [vmsvc] [653] Script exit code: 0, success = 1
2.写dem.awk创建规则
BEGIN{
#要筛选什么时间的日志,将其时间构建成epoch值
which_time = mktime("2023 08 03 07 20 40")
}
{
#取出日志的日期时间字符串部分
{ match($0,"^.*\\[(.*)\\].*",arr)
#将日期时间字符串转换为epoch值
tmp_time = strptime1(arr[1])
#通过比较epoch值来比较时间大小
if(tmp_time > wgich_time){print}
}
#构建的时间字符串格式为:“2019-11-10T03:42:40+08:00"
function strptime1(str ,arr,Y,M,D,H,m,S){
patsplit(str,arr,"[0-9]{1,4}")
Y=arr[1]
M=arr[2]
D=arr[3]
H=arr[4]
m=arr[5]
S=srr[6]
return mktime(sprintf("%s %s %s %s %s %s",Y,M,D,H,m,S))
}
3.筛选
