{"id":3571,"date":"2017-08-25T20:20:28","date_gmt":"2017-08-25T12:20:28","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=3571"},"modified":"2017-08-25T20:20:28","modified_gmt":"2017-08-25T12:20:28","slug":"linux%e4%b8%8b%e5%a6%82%e4%bd%95%e6%a0%b9%e6%8d%ae%e6%97%a5%e6%9c%9f%e5%88%87%e5%88%86%e6%97%a5%e5%bf%97%e6%96%87%e4%bb%b6%ef%bc%9f","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/3571.html","title":{"rendered":"Linux\u4e0b\u5982\u4f55\u6839\u636e\u65e5\u671f\u5207\u5206\u65e5\u5fd7\u6587\u4ef6\uff1f"},"content":{"rendered":"

=Start=<\/p>\n

\u7f18\u7531\uff1a<\/h4>\n

\u5b66\u4e60\u3001\u63d0\u9ad8\u9700\u8981<\/p>\n

\u6b63\u6587\uff1a<\/h4>\n

\u53c2\u8003\u89e3\u7b54\uff1a<\/h5>\n

\u4e4b\u524d\u5728\u5199\u67d0\u4e2adaemon\u7a0b\u5e8f\u65f6\u7528\u7684syslog()\u51fd\u6570\u8bb0\u5f55\u65e5\u5fd7\uff0c\u65f6\u95f4\u957f\u4e86\u4e4b\u540e\u5c31\u4f1a\u4ea7\u751f\u5f88\u591a\u65e5\u5fd7\uff0c\u4e00\u4e2a\u6708\u4e0b\u6765\u7684\u65e5\u5fd7\u63a5\u8fd11.6G\uff0c\u5c31\u60f3\u7740\u6309\u65e5\u671f\u5207\u5206\u4e00\u4e0b\uff0c\u65b9\u4fbf\u8fdb\u884c\u7ec6\u7c92\u5ea6\u7684\u5206\u6790\u548c\u7edf\u8ba1\u3002\u4e4b\u524d\u60f3\u7740\u7528Python\u5199\u4e2a\u7a0b\u5e8f\u8fdb\u884c\u5207\u5206\uff0c\u4f46\u60f3\u4e86\u60f3\u597d\u50cf\u8fd8\u6ca1\u90a3\u4e48\u7b80\u5355\uff0c\u5c31\u5148\u5728\u7f51\u4e0a\u627e\u4e86\u5176\u5b83\u65b9\u5f0f\u7684\u5b9e\u73b0\uff0c\u540e\u6765\u81ea\u5df1\u4e5f\u5199\u4e86\u4e00\u4e2aPython\u7248\u672c\u7684\u5b9e\u73b0\uff0c\u611f\u89c9\u8fd8\u884c\u5427\uff08\u5c31\u662f\u597d\u4e45\u6ca1\u5199Python\u4e86\u4e00\u4e9b\u8bed\u6cd5\u90fd\u751f\u758f\u4e86\u3002\u3002\u3002\uff09\u3002<\/p>\n

\n
\u7528awk\u6309\u65e5\u671f\u5207\u5206syslog\u65e5\u5fd7<\/b><\/div>\n
\n
\n
#\u8fd9\u91cc \/var\/log\/monitor.log \u65e5\u5fd7\u7684\u683c\u5f0f\u5c31\u662f\u5e38\u89c4\u7684 syslog \u65e5\u5fd7\u683c\u5f0f\uff0c\u5373\uff1a\r\n#Jul\u00a025\u00a010:56:33\u00a0sec-test monitor: EXEC:[pid=21546, path=\/bin\/cat, mode=100755, cmdline=cat \/var\/log\/monitor.log, uid=0, euid=0, gid=0, egid=0, sid=17074, owner_uid=0, owner_gid=0, file_mtime=1394622735]\r\n\u00a0\r\nawk 'BEGIN {\r\n\u00a0\u00a0\u00a0\u00a0split(\"Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec \", months,\u00a0\" \")\r\n\u00a0\u00a0\u00a0\u00a0for\u00a0(a =\u00a01; a <=\u00a012; a++)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0m[months[a]] = a\r\n}\r\n{\r\n\u00a0\u00a0\u00a0\u00a0year =\u00a02017\r\n\u00a0\u00a0\u00a0\u00a0month = sprintf(\"%02d\", m[$1])\r\n\u00a0\u00a0\u00a0\u00a0day = sprintf(\"%02d\", $2)\r\n\u00a0\r\n\u00a0\u00a0\u00a0\u00a0print > FILENAME\"-\"year\"\"month\"\"day\r\n}' \/var\/log\/monitor.log<\/pre>\n<\/div>\n<\/div>\n<\/div>\n
&<\/p>\n
\n
\u7528Python\u6309\u65e5\u671f\u5207\u5206syslog\u65e5\u5fd7<\/b><\/div>\n<\/div>\n
#!\/usr\/bin\/env python\r\n# coding=utf-8\r\n\r\nimport sys, time\r\n\r\nday_dict = {}\r\nmonth_dict = {\r\n\t'Jan': 1,\r\n\t'Feb': 2,\r\n\t'Mar': 3,\r\n\t'Apr': 4,\r\n\t'May': 5,\r\n\t'Jun': 6,\r\n\t'Jul': 7,\r\n\t'Aug': 8,\r\n\t'Sep': 9,\r\n\t'Oct': 10,\r\n\t'Nov': 11,\r\n\t'Dec': 12,\r\n}\r\n\r\n# msg_size = 10*1024*1024    # 10MB\r\nmsg_write = 0\r\n\r\ndef main():\r\n    # for k in month_dict:\r\n    #     print '{0}({1})\\t{2:02d}({3})'.format(k, type(k), month_dict[k], type(month_dict[k]))\r\n\r\n    if len(sys.argv) < 2:\r\n        print 'Usage:\\n\\t{0} filename\\n'.format(sys.argv[0])\r\n        sys.exit(0)\r\n    file = sys.argv[1]\r\n    with open(file) as fp:\r\n        msg_size = 0\r\n        for line in fp:\r\n            line = line.strip()\r\n            if line:\r\n                month, day, _ = line.split(' ', 2)\r\n                if line[:6] in day_dict:\r\n                    day_dict[line[:6]].append(line)\r\n                    msg_size += len(line)\r\n                    if msg_size >= 10*1024*1024:\r\n                        # print type(month_dict[month]), type(day); sys.exit(0)\r\n                        with open('{0}-{1:02d}{2}'.format(file, month_dict[month], day.zfill(2)), 'ab') as fp_w:\r\n                            fp_w.write('\\n'.join(day_dict[line[:6]]))\r\n                        print 'write {0} bytes to {1}.\\n'.format(msg_size, '{0}-{1:02d}{2}'.format(file, month_dict[month], day.zfill(2)))\r\n                        day_dict[line[:6]] = []\r\n                        msg_size = 0\r\n                else:\r\n                    day_dict[line[:6]] = [line, ]\r\n        for key in day_dict:\r\n            print key\r\n            # print '\"{0}\", \"{1}\"'.format(key[:3], key.split(' ', 1)[1].zfill(2))\r\n            # print type(key[:3]), type(key.split()[-1]); sys.exit(0)\r\n            with open('{0}-{1:02d}{2}'.format(file, month_dict[key[:3]], key.split()[-1].zfill(2)), 'ab') as fp_w:\r\n                fp_w.write('\\n'.join(day_dict[key]))\r\n\r\nif __name__ == '__main__':\r\n    time_start = time.time()\r\n    try:\r\n        main()\r\n    except KeyboardInterrupt:\r\n        print 'Killed by user'\r\n        sys.exit(0)\r\n    print \"Spend {0} seconds.\\n\".format(time.time() - time_start)<\/pre>\n
 <\/p>\n
\u53c2\u8003\u94fe\u63a5\uff1a<\/h5>\n
https:\/\/stackoverflow.com\/questions\/11687054\/split-access-log-file-by-dates-using-command-line-tools<\/a>\u00a0#\u6839\u636e\u65e5\u671f\u5207\u5206access.log\u6587\u4ef6
\nhttps:\/\/stackoverflow.com\/questions\/11713978\/how-to-split-existing-apache-logfile-by-month<\/a>\u00a0#\u6839\u636e\u6708\u4efd\u5207\u5206access.log\u6587\u4ef6
\nhttps:\/\/unix.stackexchange.com\/questions\/274314\/split-large-log-file-into-pieces-based-on-date<\/a>
\nhttps:\/\/askubuntu.com\/questions\/826907\/split-log-file-by-date<\/a><\/p>\n
https:\/\/superuser.com\/questions\/439688\/how-to-grep-a-log-file-within-a-specific-time-period<\/a>
\nhttps:\/\/serverfault.com\/questions\/101744\/fast-extraction-of-a-time-range-from-syslog-logfile<\/a>\u00a0#Python\u4ee3\u7801\u672a\u6d4b\u8bd5<\/p>\n
=END=<\/p>\n","protected":false},"excerpt":{"rendered":"
=Start= \u7f18\u7531\uff1a \u5b66\u4e60\u3001\u63d0\u9ad8\u9700\u8981 \u6b63\u6587\uff1a \u53c2\u8003\u89e3\u7b54\uff1a \u4e4b\u524d\u5728\u5199\u67d0\u4e2adaemon\u7a0b\u5e8f\u65f6\u7528\u7684syslog() […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,11,7,12],"tags":[74,30,8,357],"class_list":["post-3571","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-linux","category-programing","category-tools","tag-awk","tag-linux","tag-python","tag-split"],"views":7291,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3571","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=3571"}],"version-history":[{"count":2,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3571\/revisions"}],"predecessor-version":[{"id":3583,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3571\/revisions\/3583"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=3571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=3571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=3571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}