分类: 网络与安全
2016-08-18 17:07:11
近期做日志绕行的处理,上百台主机,实在手工整起来费事儿,干脆整个脚本试了一下,结果好像还行,程序生成的日志看起来那是一个漂亮呀!!!
具体过程如下:
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ ls
last_bin wtmp_asc_file wtmp_log.sh
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ date
Wed Nov 12 15:50:26 CST 2014
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ uname -a
Linux hbwlan07 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ more wtmp_log.sh
#!/bin/bash
# Settings for the record generator below. Every value is hard-coded; nothing
# is read from the system's real login accounting.
# Text file the generated records are appended to. The bracketed layout matches
# the sample lines quoted inside the loop (presumably utmpdump's text format;
# the transcript later invokes `utmpdump -r`).
File=wtmp_asc_file
# Start and end of the covered period as epoch seconds; `date -d` parses the
# strings in the local time zone of the host running the script.
begin_time=`date -d '2014-6-11 09:14' +%s`
end_time=`date -d '2014-11-11 16:00' +%s`
# Number written into the second (PID) field of the first record pair; the loop
# raises it by exactly one for each following pair.
begin_session=30121
# Account name placed in every login record.
login_user=patrol
# Pool of source addresses, stored at indices 1..9 (index 0 is never assigned).
ipadd[1]=10.30.199.43
ipadd[2]=10.30.199.76
ipadd[3]=10.30.199.63
ipadd[4]=10.30.199.47
ipadd[5]=10.30.231.63
ipadd[6]=10.30.231.53
ipadd[7]=10.30.231.45
ipadd[8]=10.30.231.43
ipadd[9]=10.30.231.16
# random MIN MAX
# Prints one pseudo-random integer N with MIN <= N < MAX; MAX itself is never
# produced. Callers in this file capture the value with $(random ...).
function random()
{
min=$1
# Kept as the text "MAX-MIN"; bash evaluates that text as an expression when
# the name is used inside $(( )), so it acts as the width of the range.
max=$2-$1
num=$RANDOM
retnum=$(( num % max + min ))
printf '%s\n' "$retnum"
}
# Walk a simulated clock from begin_time to end_time and append two text
# records per iteration: a type-7 (login) line and a type-8 (logout) line.
# No real session data is read: every field is a constant, a counter or a
# random draw.
# NOTE(review): this script writes only to $File, so the sessions it describes
# have no matching entries in sshd/PAM syslog or audit records. wtmp-derived
# `last` output should be cross-checked against an independently stored source
# (e.g. remotely forwarded auth logs) before it is relied on as evidence.
while [ $begin_time -le $end_time ]
do
# Session length in seconds: 300 up to (not including) 3600.
usetime=$(random 300 3600)
# Idle gap before the next login, in seconds: 3700 up to (not including) 11800.
loginskip=$(random 3700 11800)
# Terminal number: 1 up to (not including) 10, i.e. pts/1..pts/9.
pts=$(random 1 10)
# Index drawn for the address pool: 1 up to (not including) 9.
# NOTE(review): ipuse is not referenced again in the listing as shown.
ipuse=$(random 1 9)
# %c is the locale's date-and-time format; the literal " CST" is appended
# regardless of the zone `date` actually used.
login_time=`date +"%c CST" -d @$begin_time`
# Advance the clock to the end of the session to obtain the logout time.
let begin_time=begin_time+usetime
login_out=`date +"%c CST" -d @$begin_time`
#
# Sample of the two line shapes being reproduced (login, then logout):
#[7] [10827] [ts/1] [patrol ] [pts/1 ] [10.26.108.162 ] [10.26.108.162 ] [Wed Nov 12 07:30:16 2014 CST]
#[8] [10827] [ ] [ ] [pts/1 ] [ ] [0.0.0.0 ] [Wed Nov 12 07:33:32 2014 CST]
#
# Both lines of a pair carry the same PID value and the same pts number.
echo "[7] ["$begin_session"] [ts/"$pts"] ["$login_user" ] [pts/"$pts" ] ["$ipadd" ] ["$ipadd" ] ["$login_time"]">>$File
echo "[8] ["$begin_session"] [ ] [ ] [pts/"$pts" ] [ ] [0.0.0.0 ] ["$login_out"]">>$File
# Skip the idle gap, then move to the next PID value (strictly +1 per pair).
let begin_time=begin_time+loginskip
let begin_session=begin_session+1
done
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ ./wtmp_log.sh
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ ls -l
total 312
-rw-rw-r-- 1 itmoni itmoni 310423 Nov 12 15:50 wtmp_asc_file
-rwxrwxr-x 1 itmoni itmoni 1500 Nov 12 15:46 wtmp_log.sh
[itmoni@hbwlan07 2014-11-12]$ utmpdump -r
Utmp undump of stdin
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ last -f last_bin |more
patrol pts/7 10.30.231.45 Tue Nov 11 15:37 - 16:36 (00:58)
patrol pts/8 10.30.231.43 Tue Nov 11 12:55 - 13:35 (00:39)
patrol pts/5 10.30.231.45 Tue Nov 11 10:48 - 11:37 (00:49)
patrol pts/8 10.30.231.45 Tue Nov 11 07:54 - 08:14 (00:19)
patrol pts/2 10.30.199.76 Tue Nov 11 06:04 - 06:37 (00:32)
patrol pts/2 10.30.199.63 Tue Nov 11 04:12 - 04:30 (00:18)
patrol pts/9 10.30.199.43 Tue Nov 11 01:45 - 02:17 (00:32)
patrol pts/2 10.30.231.53 Mon Nov 10 23:36 - 23:54 (00:17)
patrol pts/1 10.30.199.63 Mon Nov 10 20:21 - 20:39 (00:18)
patrol pts/2 10.30.199.47 Mon Nov 10 18:24 - 19:10 (00:46)
patrol pts/7 10.30.199.47 Mon Nov 10 15:15 - 15:23 (00:08)
patrol pts/7 10.30.231.45 Mon Nov 10 11:16 - 12:15 (00:58)
patrol pts/7 10.30.199.76 Mon Nov 10 07:48 - 08:44 (00:55)
patrol pts/5 10.30.231.63 Mon Nov 10 04:19 - 04:51 (00:31)
patrol pts/1 10.30.231.63 Mon Nov 10 00:43 - 01:25 (00:41)
patrol pts/5 10.30.231.45 Sun Nov 9 22:52 - 23:30 (00:37)
patrol pts/8 10.30.199.47 Sun Nov 9 20:06 - 21:05 (00:58)
patrol pts/1 10.30.231.63 Sun Nov 9 18:40 - 19:04 (00:24)
patrol pts/4 10.30.231.43 Sun Nov 9 15:55 - 16:34 (00:39)
patrol pts/6 10.30.231.63 Sun Nov 9 13:32 - 14:01 (00:29)
patrol pts/5 10.30.199.43 Sun Nov 9 10:21 - 10:50 (00:28)
patrol pts/6 10.30.231.63 Sun Nov 9 07:38 - 08:35 (00:57)
patrol pts/4 10.30.199.76 Sun Nov 9 05:47 - 06:11 (00:23)
patrol pts/2 10.30.199.76 Sun Nov 9 03:23 - 04:03 (00:40)
patrol pts/8 10.30.199.63 Sun Nov 9 00:36 - 00:57 (00:21)
patrol pts/1 10.30.199.63 Sat Nov 8 21:58 - 22:11 (00:12)
patrol pts/8 10.30.199.63 Sat Nov 8 20:00 - 20:34 (00:33)
patrol pts/2 10.30.199.47 Sat Nov 8 16:16 - 16:53 (00:36)
patrol pts/1 10.30.231.43 Sat Nov 8 14:44 - 15:10 (00:25)
patrol pts/3 10.30.199.47 Sat Nov 8 11:23 - 12:16 (00:53)
patrol pts/4 10.30.199.47 Sat Nov 8 07:40 - 08:36 (00:56)
patrol pts/3 10.30.231.43 Sat Nov 8 05:47 - 05:54 (00:06)
patrol pts/2 10.30.231.63 Sat Nov 8 03:30 - 04:14 (00:43)
patrol pts/2 10.30.199.43 Sat Nov 8 00:12 - 00:36 (00:23)
patrol pts/4 10.30.231.63 Fri Nov 7 21:33 - 22:11 (00:38)
patrol pts/2 10.30.231.53 Fri Nov 7 18:12 - 18:41 (00:28)
patrol pts/5 10.30.199.43 Fri Nov 7 15:06 - 15:57 (00:50)
patrol pts/2 10.30.231.45 Fri Nov 7 12:37 - 12:48 (00:11)
patrol pts/2 10.30.199.47 Fri Nov 7 09:30 - 10:26 (00:56)
patrol pts/2 10.30.199.63 Fri Nov 7 06:38 - 07:12 (00:34)
patrol pts/5 10.30.231.53 Fri Nov 7 03:02 - 03:51 (00:48)
patrol pts/3 10.30.231.45 Fri Nov 7 01:27 - 01:49 (00:21)
patrol pts/3 10.30.199.76 Thu Nov 6 22:01 - 22:11 (00:10)
patrol pts/1 10.30.231.45 Thu Nov 6 19:45 - 20:34 (00:49)
patrol pts/7 10.30.199.63 Thu Nov 6 16:57 - 17:42 (00:45)
[itmoni@hbwlan07 2014-11-12]$ last -f last_bin |wc -l
1367
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$ wc -l wtmp_asc_file
2730 wtmp_asc_file
[itmoni@hbwlan07 2014-11-12]$
[itmoni@hbwlan07 2014-11-12]$