
Using the Linux uniq command (with examples)

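uniq is a command for removing duplicate lines. It is similar to "sort -u", but it can also count how many times each duplicated line occurs. The command format is as follows:
[root@localhost ~]# uniq [options] filename
Options:
Suppose a large number of failed-login records appear in the system logs. We can use the grep command to find the failed-login records, use the sort command to sort the records found, and then use the uniq command with the "-c" option to remove the repeated lines and count how many times each one occurs.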

For example:
[root@localhost ~]# grep "Failed password" /var/log/secure
Feb 19 15:35:44 localhost sshd[1098]: Failed password for user1 from 192.168.5.1 port 61933 ssh2
Feb 19 15:35:44 localhost sshd[1098]: Failed password for user1 from 192.168.5.1 port 61933 ssh2
Feb 19 15:35:52 localhost sshd[1100]: Failed password for root from 192.168.5.1 port 61934 ssh2
Feb 19 15:35:52 localhost sshd[1100]: Failed password for root from 192.168.5.1 port 61934 ssh2
Feb 19 15:35:52 localhost sshd[1100]: Failed password for root from 192.168.5.1 port 61934 ssh2
Feb 19 15:35:53 localhost sshd[1100]: Failed password for root from 192.168.5.1 port 61934 ssh2
Feb 19 15:36:13 localhost sshd[1109]: Failed password for rc from 192.168.5.1 port 61935 ssh2
Feb 19 15:36:20 localhost sshd[1111]: Failed password for user1 from 192.168.5.1 port 61936 ssh2
Feb 19 15:36:20 localhost sshd[1111]: Failed password for user1 from 192.168.5.1 port 61936 ssh2
Feb 19 15:36:22 localhost sshd[1111]: Failed password for user1 from 192.168.5.1 port 61936 ssh2
Feb 19 15:36:27 localhost sshd[1113]: Failed password for rc from 192.168.5.1 port 61938 ssh2
Feb 19 15:36:27 localhost sshd[1113]: Failed password for rc from 192.168.5.1 port 61938 ssh2
Feb 19 15:36:36 localhost sshd[1115]: Failed password for root from 192.168.5.1 port 61940 ssh2
Feb 19 15:36:37 localhost sshd[1115]: Failed password for root from 192.168.5.1 port 61940 ssh2
Feb 19 15:36:37 localhost sshd[1115]: Failed password for root from 192.168.5.1 port 61940 ssh2
Feb 19 15:36:37 localhost sshd[1115]: Failed password for root from 192.168.5.1 port 61940 ssh2
# grep searches the log file for failed-login records, using "Failed password" as the keyword
[root@localhost ~]# grep "Failed password" /var/log/secure | \
awk '{print $9 "\t" $11}'
user1 192.168.5.1
user1 192.168.5.1
root 192.168.5.1
root 192.168.5.1
root 192.168.5.1
root 192.168.5.1
rc 192.168.5.1
user1 192.168.5.1
user1 192.168.5.1
user1 192.168.5.1
user1 192.168.5.1
rc 192.168.5.1
rc 192.168.5.1
root 192.168.5.1
root 192.168.5.1
root 192.168.5.1
# awk extracts column 9 (the user name of the failed login) and column 11 (the source IP address of the failed login)

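If you only need to remove duplicates, running sort -u is enough. But if you want to remove duplicates and also count how many times each one occurs, you must first sort the command output and then deduplicate the sorted result, because uniq does not remove duplicates that are not adjacent.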
[root@localhost ~]# grep "Failed password" /var/log/secure | awk '{print $9 "\t" $11}' | sort | uniq -c
4 rc 192.168.5.1
9 root 192.168.5.1
6 user1 192.168.5.1
# After sorting, remove the duplicates and count how many times each one occurs
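
The following is an added example, not part of the original article. It runs the same pipeline over constructed log lines to show what uniq -c returns with and without the preceding sort. It goes one step beyond the article by locating the user name and IP address relative to the word "from", because sshd's "Failed password for invalid user NAME from ..." lines have two extra words and shift the fixed columns $9 and $11. The function names and sample lines are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Constructed sample lines (not from a real host); 203.0.113.7 is a documentation address.
sample_log() {
cat <<'EOF'
Feb 19 15:35:44 localhost sshd[1098]: Failed password for user1 from 192.168.5.1 port 61933 ssh2
Feb 19 15:35:52 localhost sshd[1100]: Failed password for root from 192.168.5.1 port 61934 ssh2
Feb 19 15:36:20 localhost sshd[1111]: Failed password for user1 from 192.168.5.1 port 61936 ssh2
Feb 19 15:36:41 localhost sshd[1120]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Feb 19 15:36:43 localhost sshd[1120]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Feb 19 15:36:50 localhost sshd[1122]: Failed password for root from 192.168.5.1 port 61941 ssh2
Feb 19 15:36:51 localhost sshd[1122]: Failed password for root from 192.168.5.1 port 61941 ssh2
EOF
}

# Print "user<TAB>ip" for every failed-password line read from stdin.
# The line is scanned backwards for the last "from": the word before it is
# the user name and the word after it is the source IP, with or without
# the extra "invalid user" words.
extract_user_ip() {
  awk '/Failed password for/ {
         for (i = NF - 1; i > 1; i--)
           if ($i == "from") { print $(i-1) "\t" $(i+1); break }
       }'
}

# No sort: uniq merges only adjacent duplicates, so the same pair is reported
# several times with partial counts. The final awk normalises the spacing.
count_unsorted() { extract_user_ip | uniq -c | awk '{print $1, $2, $3}'; }

# sort first so identical lines are adjacent, count them, then rank by count
# (highest first, ties ordered by user name).
count_sorted() {
  extract_user_ip | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{print $1, $2, $3}'
}

echo "--- uniq -c without sort ---"; sample_log | count_unsorted
echo "--- sort | uniq -c ---";       sample_log | count_sorted
```

On a real system, replace sample_log with grep "Failed password" /var/log/secure, as in the article's commands.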
