今天追蹤的 一級屠豬士 大神解答使用awk技巧,這邊嘗試學習,發現想要ubuntu awk 取last 帳號跟時間會遇到以下問題。
下 last 資料長相如下
test@test:~$ last
test pts/0 172.25.48.1 Mon Sep 14 08:38 still logged in
test pts/2 172.25.48.1 Mon Sep 14 03:32 still logged in
test pts/1 172.25.48.1 Mon Sep 14 03:31 still logged in
test pts/1 172.25.48.1 Mon Sep 14 03:22 - 03:31 (00:08)
test pts/0 172.25.48.1 Mon Sep 14 03:00 - 03:39 (00:39)
test pts/0 172.25.48.1 Mon Sep 14 02:11 - 02:50 (00:38)
test pts/0 172.20.80.1 Sun Sep 13 11:34 - 17:02 (05:27)
test pts/0 172.20.80.1 Sun Sep 13 11:33 - 11:33 (00:00)
test tty1 Sun Sep 13 10:53 gone - no logout
reboot system boot 5.4.0-47-generic Sun Sep 13 10:53 still running
test pts/1 172.20.80.1 Wed Sep 9 08:39 - 11:52 (2+03:12)
test pts/0 172.20.80.1 Wed Sep 9 07:04 - 08:45 (01:40)
reboot system boot 5.4.0-47-generic Wed Sep 9 03:06 still running
reboot system boot 5.4.0-47-generic Wed Sep 9 03:04 still running
test tty1 Wed Sep 9 03:03 - crash (00:00)
reboot system boot 5.4.0-47-generic Wed Sep 9 03:03 still running
test pts/0 172.20.80.1 Wed Sep 9 03:02 - crash (00:01)
test tty1 Wed Sep 9 02:51 - crash (00:12)
reboot system boot 5.4.0-47-generic Wed Sep 9 02:50 still running
我想取得的資料
test Mon Sep 14 08:38
test Mon Sep 14 03:32
test Mon Sep 14 03:31
test Mon Sep 14 03:22
test Mon Sep 14 03:00
test Mon Sep 14 02:11
test Sun Sep 13 11:34
test Sun Sep 13 11:33
test Sun Sep 13 10:53
reboot Sun Sep 13 10:53
test Wed Sep 9 08:39
test Wed Sep 9 07:04
reboot Wed Sep 9 03:06
reboot Wed Sep 9 03:04
test Wed Sep 9 03:03
reboot Wed Sep 9 03:03
test Wed Sep 9 03:02
test Wed Sep 9 02:51
reboot Wed Sep 9 02:50
但實際我下以下指令 : last | awk '{print $1"\t"$4}'
test@test:~$ last | awk '{print $1"\t"$4}'
test Mon
test Mon
test Mon
test Mon
test Mon
test Mon
test Sun
test Sun
test Sep
reboot 5.4.0-47-generic
test Wed
test Wed
reboot 5.4.0-47-generic
reboot 5.4.0-47-generic
test Sep
reboot 5.4.0-47-generic
test Wed
test Sep
reboot 5.4.0-47-generic
wtmp Sep
更新
嘗試1 : 我這邊觀察到 awk $N 是以空白來做切分的原因導致
嘗試2 : linux - How ubuntu awk get last user and time data? - Stack Overflow
結果 : 我在這邊詢問到答案,但不能優雅解決 
Could you please try following, written and tested in GNU
awk.last | awk ' match($0,/.*pts/){ val=substr($0,RSTART,RLENGTH) sub(/ +pts/,"",val) match($0,/[a-zA-Z]{3} +[a-zA-Z]{3} +[0-9]{1,2} +[0-9]{2}:[0-9]{2}/) print val,substr($0,RSTART,RLENGTH) val="" }'In case you need output into nice looking alignment then pipe your
awkcommand output tocolumncommand.last | awk ' match($0,/.*pts/){ val=substr($0,RSTART,RLENGTH) sub(/ +pts/,"",val) match($0,/[a-zA-Z]{3} +[a-zA-Z]{3} +[0-9]{1,2} +[0-9]{2}:[0-9]{2}/) print val,substr($0,RSTART,RLENGTH) val="" }' | column -t
嘗試3 : 目前看到最優雅的解決方案 : last | awk -v FIELDWIDTHS='9 30 16' '{print $1 $3}'
test@test:~$ last | awk -v FIELDWIDTHS='9 30 16' '{print $1 $3}'
test Tue Sep 15 14:39
test Mon Sep 14 08:38
test Mon Sep 14 03:32
test Mon Sep 14 03:31
test Mon Sep 14 03:22
test Mon Sep 14 03:00
test Mon Sep 14 02:11
test Sun Sep 13 11:34
test Sun Sep 13 11:33
test Sun Sep 13 10:53
reboot Sun Sep 13 10:53
test Wed Sep 9 08:39
test Wed Sep 9 07:04
reboot Wed Sep 9 03:06
reboot Wed Sep 9 03:04
test Wed Sep 9 03:03
reboot Wed Sep 9 03:03
test Wed Sep 9 03:02
test Wed Sep 9 02:51
reboot Wed Sep 9 02:50
已邀請的邦友 {{ invite_list.length }}/5
我是不是來晚了?
last | gawk -F'[ ]{2,}' '{print $1"\t"$4}'
您好,不晚的
但這邊是我測試的結果,情況有變好,但還是有一些資料會跑版
test@test:~$ last | gawk -F'[ ]{2,}' '{print $1"\t"$4}'
test Mon Sep 14 08:38
test Mon Sep 14 03:32
test Mon Sep 14 03:31
test Mon Sep 14 03:22 - 03:31
test Mon Sep 14 03:00 - 03:39
test Mon Sep 14 02:11 - 02:50
test Sun Sep 13 11:34 - 17:02
test Sun Sep 13 11:33 - 11:33
test gone - no logout
reboot still running
test Wed Sep
test Wed Sep
reboot 9 03:06
reboot 9 03:04
test 9 03:03 - crash
reboot 9 03:03
test Wed Sep
test 9 02:51 - crash
reboot 9 02:50
你要的是不是這樣
last | awk '{if(NF==10) {print $1"\t"$4" "$5" "$6" "$7} if(NF==11) {print $1"\t"$5" "$6" "$7" "$8}}'
用NF判斷有幾欄。再去對應格式就好。這招再很多沒用tab定位!的輸出或是文件很好用。
iThome鐵人賽
看影片追技術