
I am currently facing a problem. When I open the dnsmasq log, it looks like this:

Jun 10 17:50:00 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:00 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:21 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:21 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:31 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:31 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:37 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:37 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:40 dnsmasq[21796]: query[A] zyx.qq.com from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 114.114.114.114
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 223.5.5.5
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 123.151.43.51
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 183.60.62.158
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 113.108.1.90
Jun 10 17:50:42 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:42 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:52 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:52 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:58 dnsmasq[21796]: query[A] ic.wps.cn from 115.34.22.160
AND ETC.

It's very difficult for us to analyze it. Does anybody have an idea how to show only the queried domains, which should look like this?

isatap.lan
zyx.qq.com
ic.wps.cn
AND ETC.

However, I tried this: http://www.tannerwilliamson.com/analyzing-dnsmasq-log-with-awk/1610/

and its output is like this:

root@VM-208-178-ubuntu:/home# awk -f /home/dnsmasq.awk /var/log/dnsmasq.log | less
                                     name |      nb    |  forwarded |  answered from cache
                                irs01.net |         1  |         1  |         0
 927662-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.ffdns.net |         1  |         1  |         0
                         blog.sina.com.cn |         4  |         4  |         1
 927655-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn |         1  |         1  |         0
                            www.baidu.com |         2  |         2  |         0
*               careers.stackoverflow.com |        10  |        13  |         0
                blender.stackexchange.com |         2  |         2  |         0
 974449-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn |         1  |         1  |         0
                      img.iknow.bdimg.com |         2  |         1  |         1
*                           smarterer.com |         2  |         3  |         0
                          a.disquscdn.com |         1  |         1  |         0
 927648-0-2081296634-261190004.ns.124-14-16-250-ns.dns-spider.myxns.cn |         1  |         1  |         0
                physics.stackexchange.com |         6  |         5  |         4
*                area51.stackexchange.com |         2  |         3  |         0
                  iknow02.bosstatic.bdimg.com |         2  |         1  |         1
                       passport.baidu.com |         1  |         1  |         0
                    webapps.stackexchange.com |         5  |         4  |         4

It's a little bit different from what I want. Could anybody help me? Thanks for the help!

1 Answer

If the log file stays as you have shown it, a simple awk script might be sufficient for this.

awk '!seen[$6]++ {print $6}' file

The output is produced as follows:

ic.wps.cn
isatap.lan
zyx.qq.com

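The logic is simple: it parses each entry in the 6th column, adds it to the array seen, and prints the element only if it has not been seen before.

P.S. If the order of the columns in the log file may change in the future, the awk command may not work, because it relies entirely on the column index to obtain the result.

answered 2016-06-10T10:12:29.263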
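
An added example (not part of the answer above) that addresses its P.S.: instead of a fixed column, it locates the `query[...]` token and takes the name after it, so an extra syslog hostname field does not break it, and it also tallies queries per client. The sample log is constructed from the question's lines plus a hypothetical `gw` hostname and the documentation address 192.0.2.10; the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample in dnsmasq log-queries format: lines modelled on the
# question's log, plus one with a syslog hostname field ("gw", hypothetical)
# and the documentation address 192.0.2.10.
sample_log() {
cat <<'EOF'
Jun 10 17:50:00 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:00 dnsmasq[21796]: cached isatap.lan is NXDOMAIN-IPv4
Jun 10 17:50:21 dnsmasq[21796]: query[A] isatap.lan from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: query[A] zyx.qq.com from 115.34.22.160
Jun 10 17:50:40 dnsmasq[21796]: forwarded zyx.qq.com to 114.114.114.114
Jun 10 17:50:40 dnsmasq[21796]: reply zyx.qq.com is 123.151.43.51
Jun 10 17:50:42 gw dnsmasq[21796]: query[AAAA] isatap.lan from 192.0.2.10
Jun 10 17:50:58 dnsmasq[21796]: query[A] ic.wps.cn from 115.34.22.160
EOF
}

# Print each queried name once, in first-seen order. Only "query[TYPE] name"
# lines count; the name is found relative to the query[...] token, not by a
# fixed column number.
queried_domains() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^query\[/) {
                if (!seen[$(i + 1)]++) print $(i + 1)
                break
            }
    }' "$@"
}

# Tally queries as "count client name", busiest first, to show which client
# is responsible for the volume.
query_counts() {
    awk '{
        for (i = 1; i + 3 <= NF; i++)
            if ($i ~ /^query\[/ && $(i + 2) == "from") {
                n[$(i + 3) " " $(i + 1)]++
                break
            }
    } END { for (k in n) print n[k], k }' "$@" | LC_ALL=C sort -k1,1nr -k2
}

sample_log | queried_domains
sample_log | query_counts
```

Both functions also accept file names as arguments, for example the question's `/var/log/dnsmasq.log`.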