Untitled

awk
Created Saturday 11 May 2013

------------------------------------------------------------------------------------------------
Output Separators
------------------------------------------------------------------------------------------------
As mentioned previously, a print statement contains a list of items separated by commas. In the output, the items are normally separated by single spaces. However, this doesn’t need to be the case; a single space is simply the default. Any string of characters may be used as the output field separator by setting the predefined variable OFS. The initial value of this variable is the string " " (i.e., a single space).
The output from an entire print statement is called an output record. Each print statement outputs one output record, and then outputs a string called the output record separator (or ORS). The initial value of ORS is the string "\n" (i.e., a newline character). Thus, each print statement normally makes a separate line.
In order to change how output fields and records are separated, assign new values to the variables OFS and ORS. The usual place to do this is in the BEGIN rule (see BEGIN/END), so that it happens before any input is processed. It can also be done with assignments on the command line, before the names of the input files, or using the -v command-line option (see Options). The following example prints the first and second fields of each input record, separated by a semicolon, with a blank line added after each newline:
------------------------------------------------------------------------------------------------
EXAMPLE
$ awk 'BEGIN { OFS = ";"; ORS = "\n\n" }
> { print $1, $2 }' mail-list
-| Amelia;555-5553
-|
-| Anthony;555-3412
-|
-| Becky;555-7685
------------------------------------------------------------------------------------------------
USING GSUB TO SEARCH/REPLACE STRINGS
IN THIS EXAMPLE I AM REMOVING "double quote" and commas
curl -s http://hgfix.net/paste/view/raw/708cd7c5 | awk '{ gsub ("\"|,",""); print }'
------------------------------------------------------------------------------------------------
for i in 123456 admin123 info123 test password ; do awk -F : -v i="$i" '{OFS="\t";split($0, f, "$");p="openssl passwd -1 -salt "f[3]" "i;if(p|getline o);split(o, q, "$");m=match($0,q[4]);}m!=0{print$1,i}' shadow ; done

for i is passing serveral variables in a loop
awk sets a delimiter : and then defines the variable i=$i then we set the output field seperator to \t(tab) and perform a split on the entire line $0 where f is the array and "$" is the delimiter
the "p" variable is performing an openssl passwd -1 -salt on the array[3] (here is an example line admin:$1$GK3i7sYW$bH1.QzR9izDa3eRqboRcL/:15916:::::: )
since our split is of the entire line "$0" with an additional delimiter set as "$" which would provide the string GK3i7sYW from the example above then " " providing a space and finally i which would be (123456 admin123 info123 test password)
to better understand I will provide the output being ran in this command below:
openssl passwd -1 -salt GK3i7sYW admin123
$1$GK3i7sYW$bH1.QzR9izDa3eRqboRcL/
---------------------------------
now we perform an if $p getline which would get the output above and set it to variable "o"
we do a split on variable "o" where o is the entire line ( $1$GK3i7sYW$bH1.QzR9izDa3eRqboRcL/ ) q is the array and "$" is the delimiter
afterwords we define "m" to perform a match on ($0,q[4]) where $0 is the entire line ( admin:$1$GK3i7sYW$bH1.QzR9izDa3eRqboRcL/:15916:::::: ) and q is "QzR9izDa3eRqboRcL/"
if m does not equal 0 ( meaning a match is found or true ) we print $1 of the entire line ( admin:$1$GK3i7sYW$bH1.QzR9izDa3eRqboRcL/:15916:::::: ) which would be "admin
and $i which is one of our variables set at the very beginning of our command ( 123456 admin123 info123 test password ) in this case a match was found on admin123
------------------------------------------------------------------------------------------------
CONVERT UNIX TIMESTAMP TO HUMAN READABLE
awk '{$2=strftime("%Y-%m-%d %H:%M:%S", $2); print $0}'
------------------------------------------------------------------------------------------------
CONVERT UNIX TIME STAMP FROM BASH HISTORY FILE
awk -F- '{x=$1;sub(/^\#/,"",$1);sub(/#.*/,strftime("#%Y-%m-%d %H:%M:%S",$1),x);$1=x;}1' ~/.bash_history
------------------------------------------------------------------------------------------------
EXAMPLE STRING MATCHING AND USING SUB
awk -F, '{x=$1;sub(/^\#/,"",$1);sub(/#.*/,strftime("#%Y-%m-%d %H:%M:%S",$1),x);$1=x;}1' time_log
------------------------------------------------------------------------------------------------
time_log
#1394663100
cd public_html/
#1394663104
nano wp-config.php
#1394663115
ll
#1394663162
exit
------------------------------------------------------------------------------------------------
#2014-03-12 17:25:00
cd public_html/
#2014-03-12 17:25:04
nano wp-config.php
#2014-03-12 17:25:15
ll
#2014-03-12 17:26:02
exit
---------------------------------
Example:
grep bhabin /var/log/mysql_queries.log | awk '{$2=strftime("%Y-%m-%d %H:%M:%S", $2); print $0}'
[ 2017-03-14 01:51:01 ] [ bhabin_wrdp31 ] [ 3570009 ] [ 134 ] [ bhabin_wrdp31 ] [ Sleep ] [ KILLED ] [ ] [ ]
[ 2017-03-25 02:00:01 ] [ bhabin_wrdp31 ] [ 7173763 ] [ 103 ] [ bhabin_wrdp31 ] [ Sleep ] [ KILLED ] [ ] [ ]
[ 2017-03-26 04:36:01 ] [ bhabin_wrdp26 ] [ 7530669 ] [ 109 ] [ bhabin_wrdp26 ] [ Sleep ] [ KILLED ] [ ] [ ]
[ 2017-03-26 04:51:01 ] [ bhabin_wrdp26 ] [ 7533318 ] [ 68 ] [ bhabin_wrdp26 ] [ Sleep ] [ KILLED ] [ ] [ ]
[ 2017-03-27 11:03:01 ] [ bhabin_wrdp38 ] [ 7987001 ] [ 81 ] [ bhabin_wrdp38 ] [ Sleep ] [ KILLED ] [ ] [ ]
[ 2017-03-28 02:27:01 ] [ bhabin_wrdp26 ] [ 8252842 ] [ 96 ] [ bhabin_wrdp26 ] [ Sleep ] [ KILLED ] [ 'cloud1028.hostgator.com' ] [ ]
[ 2017-03-28 07:30:01 ] [ bhabin_wrdp26 ] [ 8311080 ] [ 92 ] [ bhabin_wrdp26 ] [ Sleep ] [ KILLED ] [ ] [ ]

------------------------------------------------------------------------------------------------
jcook:~/Documents/QA/AuditsInProgress/2017-01-19$ curl -s http://hgfix.net/paste/view/raw/9e9b7145 |grep -oP '\d+\s.*(?=01\/\d{2}\/2017)' | sort -k1,1 -u | awk 'BEGIN { OFS = ","}$1 ~ /[0-9]{8}/{tid=$1}{if (match($0, /([0-9]{2}:){2}[0-9]{2}/,tit)) print tid,tit[0]}' > restore_contact_drivers.csv
------------------------------------------------------------------------------------------------
MATCH FIELD ONE "docroot" If the NR variable is equal to 1, then it sends the first line as the argument to printf; else it sends a comma concatenated with the current line.
(so if is the first part with ? as the delimiter to identify the then statement, and the : is the delimiter to identify the else statement)
When the first line is seen (NR == 1), only it is printed; otherwise a comma and the line are sent as arguments to printf.
This solution uses AWK's ternary operator ?:, that is:
NR == 1 ? $0 : ","$0
curl -s http://hgfix.net/paste/view/raw/10673f0a | awk '$1=="docroot" {printf("%s", NR == 1 ? $2 : ","$2);} END {printf("\n");}'
------------------------------------------------
EXAMPLE TEXT
docroot /home4/b0y4o3s3/public_html/basic.wwus.net
domain basic.wwus.net
docroot /home4/b0y4o3s3/public_html/basic.wwus.net
domain basicw.fun2fart.com
docroot /home4/b0y4o3s3/public_html/biz.wwus.net
------------------------------------------------
EXAMPLE OUTPUT
/home4/b0y4o3s3/public_html/basic.wwus.net,/home4/b0y4o3s3/public_html/basic.wwus.net,/home4/b0y4o3s3/public_html/biz.wwus.net,/home4/b0y4o3s3/public_html/biz.wwus.net,/home4/b0y4o3s3/public_html/hg.wwus.net,/home4/b0y4o3s3/public_html/hg1.wwus.net,/home4/b0y4o3s3/public_html/hg1.wwus.net,/home4/b0y4o3s3/public_html/hg.wwus.net,/home4/b0y4o3s3/public_html/pro.wwus.net,/home4/b0y4o3s3/public_html/pro.wwus.net,/home4/b0y4o3s3/public_html/test
------------------------------------------------------------------------------------------------
WILL MATCH FIELD ONE "ADDON_ID" AND IF ANYTHING ON EACH RECORD MATCHES "Could\ not\ add\ zone\ record|CSR\ validation|No\ CSR\ defined" ASSIGN IT TO err THEN PRINT id,err [ARRAY]
------------------------------------------------------------------------------------------------
curl -s http://hgfix.net/paste/view/raw/b3327a0f | awk '$1=="ADDON_ID"{id=$2}{ if (match($0,/Could\ not\ add\ zone\ record|CSR\ validation|No\ CSR\ defined/,err)) print id,err[0] }'
------------------------------------------------------------------------------------------------
FIND ALL LOGS WITH Dec-2016.gz, USE ZCAT PIPED TO AWK TO READ THE FILE CONTENT ALSO DEFINING FILE AS F TO PRINT WHERE COLUMN 4 MATCH DATE AND COLUMN 7 MATCHES xmlrpc THEN GET A COUNT AND PIPE BACK TO AWK TO ONLY PRINT COUNT GREATER THAN 1000
------------------------------------------------------------------------------------------------
find /home/*/logs -type f -name "*Dec-2016.gz" -print | while read FILE ; do zcat "$FILE" | awk -v F="$FILE" '$4 ~ /12\/Dec\/2016/ && $7 ~/xmlrpc/{ print F }' | uniq -c |awk '$1 > 1000 {print}';done
------------------------------------------------
EXAMPLE OUTPUT:
1449 /home/madredel/logs/madredellachiesa-settimo.it-Dec-2016.gz
6018 /home/webstari/logs/web-star.info-Dec-2016.gz
------------------------------------------------------------------------------------------------
LOCATING ALL EMAIL ACCOUNTS. USING DELIMITER ":" AND @ AS THE OFS THEN SPLIT FILENAME INTO AN ARRAY WITH DELIMITER "/" OUTPUTING FIELD "2"
------------------------------------------------------------------------------------------------
awk -F : '{OFS="@";split(FILENAME, d, "/"); print$1,d[2]}' etc/*/shadow
info@propheticcenter.net
sandralugo@propheticcenter.net
sandra@propheticcenter.net
events@propheticcenter.net
prayer@propheticcenter.net
orderdept@propheticcenter.net
insync@propheticcenter.net
membership@propheticcenter.net
kingdomconnections@propheticcenter.net
------------------------------------------------------------------------------------------------
TRYING TO FIGURE OUT HELP HOURS FOR AGENT, SO COPIED CHART RESULTS OF HH PAGE OUTPUT TO TEXT FILE AND RAN FOLLOWING
https://inet.houston.hostgator.com:8443/?gnet_pid=29&p=1479708000&e=10700&m=0&uf=0&ns=0
SNIPPET : http://hgfix.net/paste/view/raw/498c9b6b
sum_min += $4 this means add up all values in column 4 and assign the output to sum_min
sum_hour=int(hours+(sum_min/60) i had to use int here because, by default, awk numbers are always floating point
awk -F "[\t:]" '{OFS=":"}$1!~/[A-Za-z]+/{sum_min += $4;min=sum_min%60;hours+=$3;sum_hour=int(hours+(sum_min/60))}END{print sum_hour,min}' hh_checker
2:37
------------------------------------------------------------------------------------------------
STRING MATCH 0-9 WITH 3-5 CHARACTERS FOR COLUMN ( FILE OWNERSHIP ) IN MAIL
ls -lhc /home*/*/mail/ | awk '$3~/[0-9]{3,5}/{print$0}'
------------------------------------------------------------------------------------------------
AWK MATCH A STRING
for i in `find / -type f -name '*.c' -exec grep -l mysql {} \; | awk '/\/include\// {print}'`; do dirname $i; done
------------------------------------------------------------------------------------------------
DEFINE FIELDS USING MATCH STRING ON TWO SEPERATE LINES ONLY PRINTING IF BOTH RETURN A VALUE THEN UNSETTING THEM THEN PRINTING THE OUTPUT ON A SINGLE LINE
curl -s http://hgfix.net/paste/view/raw/75dfc19d | awk '$1=="docroot"{dr=$2}$1=="domain"{dom=$2}dr&&dom{print dr,dom;dr=dom=0}'|while read docroot domain; do echo "Docroot: $docroot :: Domain: $domain";done
------------------------------------------------------------------------------------------------
ADDING UP BANDWIDTH TOTAL FOR USER FROM MAIL LOGS
grep vcshaeffer@kiskipby.org /var/log/maillog | grep -oP '(?<=bytes=)\S*' | awk 'BEGIN {FS = "/"} ; {sum+=$1; sum2+=$2} END {print "IN",sum/1024/1024,"MB","\n""OUT",sum2/1024/1024,"MB"}'
------------------------------------------------------------------------------------------------
USING PRINTF WITH ARGUMENTS
grep "Created\ Ticket" vps_dedi_empowerment_escalations.csv | awk -F, '{printf("%s,%s,%s\n",$1,$2,$3)}' | sort -k1
------------------------------------------------------------------------------------------------
FILTER OUTPUT USING GREATER THAN/LESS THAN
------------------------------------------------------------------------------------------------
FIND COLUMN 5 GREATER THAN 141 AND PRINT COLUMN 7
EXAMPLE: awk '$5 <= 141 { print $7}' /opt/hgmods/kill_imap.log | grep ttchildren.org | sort | uniq -c | sort -rn
------------------------------------------------
FIND WHERE COLUMN 9 IS LESS THAN COLUMN 10 PRINT 1,2 AND 9
EXAMPLE: awk '$9 < 10 {print $1,$2,$9}'
------------------------------------------------------------------------------------------------
STRING MATCH A FIELD
------------------------------------------------------------------------------------------------
MATCH FIELD 7 PRINT COLUMN 5
EXAMPLE: awk 'match($7, /200/){print $5}'
------------------------------------------------------------------------------------------------
STRING MATCH SEARCHING THE ENTIRE LINE, THEN PRINT OUT COLUMN 1 AS WELL THE MATCHING STRING AND EVERYTHING FOLLOWING
------------------------------------------------------------------------------------------------
awk 'match($0, /Mozilla.*$/){print $1,substr($0,RSTART,RLENGTH)}'
------------------------------------------------------------------------------------------------
PRINT OUT A COLUMN AND EVERYTHING AFTER IT WHICH IN THE EXAMPLE PROVIDED IS COLUMN 12
awk '{ s = ""; for (i = 12; i <= NF; i++) s = s $i " "; print s }'
------------------------------------------------------------------------------------------------
PRINT THE LAST FIELD
tail -f file | grep A1 | awk '{print $NF}'
------------------------------------------------------------------------------------------------
USING DELIMTER TO PRINT OUT EVERYTHING WITHIN IT
tail -100 access-logs/pennystocktweets.com | awk -F \" '{print$(NF-1)}'
------------------------------------------------------------------------------------------------
REMOVE DUPLICATE ENTIRES FOR COLUMN 2 BASED ON MATCHES IN COLUMN 1
------------------------------------------------------------------------------------------------
awk '$1~/regextomatch/&&!_[$2]++{print$2}' filename
------------------------------------------------------------------------------------------------
SET MULTIPLE DELIMITERS :. THEN MATCH /malek/ AND WHERE DELIMITER : THEN . NOT EQUAL STRING 'coderhall' GSUB 'malek' with nothing and Print
------------------------------------------------------------------------------------------------
awk -F "[:.]" '$NF~/malek/&&$(NF-2)!="coderhall"{ gsub (": malek",""); print }' /etc/userdomains
akaind.com
siavash.rocks
hamidlighting.com
iranianeyeclinic.com
akagroup.org
isecho.org
akhgarelectric.com
smartgym.akafitness.co
scsir.org
akafitness.co
faradidafzar.com
akafitness.net
----------------------------------------------------
FULL OUTPUT OF DOMAINS MATCHING malek
------------------------------------------------------------------------------------------------
grep malek /etc/userdomains
akaind.com: malek
akhgarelectric.coderhall.com: malek
akagroup.coderhall.com: malek
coderhall.com: malek
siavash.coderhall.com: malek
siavash.rocks: malek
iranianeyeclinic.coderhall.com: malek
persiangallery.coderhall.com: malek
hamidlighting.com: malek
isecho.coderhall.com: malek
tornado.coderhall.com: malek
------------------------------------------------------------------------------------------------
PULLING ADDON DOMAINS AND PATH
------------------------------------------------------------------------------------------------
addon_domains () { awk -v user="$1" -F "[:=]" '$6 ~ /addon/ && $2 ~ " "user"$" {print $10,$1}' /etc/userdatadomains;}; addon_domains sami
/home3/sami/public_html/berraquerapaisa.com berraquerapaisa.com
/home3/sami/public_html/criaderoaristogatos.com criaderoaristogatos.com
/home3/sami/public_html/esperanzagomez.online esperanzagomez.online
/home3/sami/public_html/fincalacascada.com fincalacascada.com
/home3/sami/public_html/limpiezadelser.com limpiezadelser.com
/home3/sami/public_html/lonchiseda.com lonchiseda.com
/home3/sami/public_html/marketingypromociones.com marketingypromociones.com
/home3/sami/public_html/orgullosamentepaisa.com orgullosamentepaisa.com
/home3/sami/public_html/orgullosamentepaisas.com orgullosamentepaisas.com
/home3/sami/public_html/transportesdya.com transportesdya.com
------------------------------------------------------------------------------------------------
To pull Addon domains and output only the docroot domain on a single line
------------------------------------------------------------------------------------------------
hal cpanel_api server_id 163484 username hgdesign function listaddondomains module AddonDomain | awk '$1=="dir"{dr=$2}$1=="domain"{dom=$2}dr&&dom{print dr,dom;dr=dom=0}' | while read docroot domain; do echo "$docroot $domain";done
/home1/hgdesign/public_html/iheartmontrose.com iheartmontrose.com
/home1/hgdesign/public_html/sandwichboard.net sandwichboard.net
------------------------------------------------------------------------------------------------
for ip in 216.172.184.9{0..9} ; do echo $ip ; whois $ip | grep -oP "(?<=network:Organization;I:)[a-z]\S+" | while read dom ; do dig A $dom | awk '{OFS="\t"}BEGIN{nores=1;}{gsub(".\t","\t");if ($1~/^'$dom'/){print$1,$NF; nores=0}}END{if (nores) print "'$dom'";}'; done ; done
------------------------------------------------------------------------------------------------
awk -F "[ :]" '$9=="teaevent"&&$8=="CREATE"&&$7=="2016"&&!_[$NF]++{system("if [ -e /var/cpanel/users/"$NF" ] ; then echo -e \""$NF"\t"$(NF-2)"\" ; fi")}' /var/cpanel/accounting.log
------------------------------------------------------------------------------------------------
PULL ALL USERS CREATED IN 2016 THAT ARE STILL PRESENT ON THE SERVER
------------------------------------------------------------------------------------------------
awk -F "[ :]" '$8=="CREATE"&&$7=="2016"&&!_[$NF]++{system("if [ -e /var/cpanel/users/"$NF" ] ; then echo -e \""$NF"\t"$(NF-2)"\" ; fi")}' /var/cpanel/accounting.log
------------------------------------------------------------------------------------------------
ALTERNATE METHOD W/O SYSTEM CALL
------------------------------------------------------------------------------------------------
awk -F "[ :]" '{OFS="\t"}$8=="CREATE"&&$7=="2016"&&!_[$NF]++{ xxx = " ls /var/cpanel/users/"$NF " 2>/dev/null";if (xxx | getline yyy);else yyy=0 ;close (xxx); if (yyy) print$NF,$(NF-2);close (yyy)}' /var/cpanel/accounting.log
------------------------------------------------------------------------------------------------
AWK USING GETLINE
------------------------------------------------------------------------------------------------
[root@gator3314 /home2/ibmperu]# awk -F : '{OFS=":"}$(NF-1)=="ibmperu"{ cmd = "date -d @"$1 ; if (cmd | getline t) $1=t; print$0; close (CMD)}' /var/log/abusetool.log
Fri Jul 15 05:05:52 CDT 2016:http:disable:ibmperu:NBA-45676225
Fri Jul 15 15:38:33 CDT 2016:http:enable:ibmperu:NBA-45676225
Thu Aug 25 02:09:09 CDT 2016:http:disable:ibmperu:GKM-508-47251
Thu Aug 25 09:54:39 CDT 2016:http:enable:ibmperu:GKM-508-47251
Mon Sep 5 08:53:43 CDT 2016:http:disable:ibmperu:HZW-968-32594
Mon Sep 5 11:23:38 CDT 2016:http:enable:ibmperu:HZW-968-32594
Mon Sep 5 15:58:00 CDT 2016:http:disable:ibmperu:FBO-312-70888
Mon Sep 5 23:23:25 CDT 2016:http:enable:ibmperu:FBO-312-70888
Sat Sep 10 02:54:20 CDT 2016:http:disable:ibmperu:CDT-46695619
Sat Sep 10 16:27:44 CDT 2016:http:enable:ibmperu:CDT-46695619
Sat Sep 10 16:34:56 CDT 2016:http:disable:ibmperu:CDT-46695619
Sat Sep 10 16:35:08 CDT 2016:http:enable:ibmperu:CDT-46695619
Sun Oct 23 09:09:51 CDT 2016:http:disable:ibmperu:DLK-445-69830
normally, that file has the epoch time at the beginning. i just used awk and system to replace the epoch time with the output of date -d
that close(cmd) should be lowercase. apparently it doesn't matter though.
------------------------------------------------------------------------------------------------
File Output
------------------------------------------------------------------------------------------------
1456606799:http:enable:adesanya:BHU-42368795
1457721176:http:enable:dinhdoan:LES-42371168
1457938626:http:disable:altopode:FKN-42911813
1458287053:http:disable:delta12:CFK-43040585
1458345475:http:enable:delta12:CFK-43040585
1458345566:http:disable:delta12:CFK-43040585
1458505315:http:enable:delta12:CFK-43040585
1461223348:http:disable:medwards1965:IAX-800-64427
1462354690:http:disable:mija:TLG-957-30790
1462505493:http:disable:onebrady:QLA-521-54355
1464183707:http:disable:booker10:ZGU-376-21306
1464310054:http:enable:booker10:ZGU-376-21306
1464398105:http:disable:imrand:BTD-628-48445
1464793551:http:enable:imrand:BTD-628-48445
1464954518:http:disable:imrand:YYF-698-47816
1465337702:http:enable:imrand:YYF-698-47816
1468697876:http:enable:mija:TLG-957-30790
1469009543:http:disable:imrand:XRA-635-30977
1469220697:http:disable:jmakhoul:IJS-476-61292
1469640446:http:enable:imrand:XRA-635-30977
1469640740:http:disable:imrand:XRA-635-30977
1469640819:http:enable:imrand:XRA-635-30977
1471273992:http:enable:jmakhoul:IJS-476-61292
1472649407:http:disable:abuzuluf:UIS-685-57379
1472691443:http:disable:kiddcuzzclo:BEU-256-20074
1473148395:http:disable:resttemp:SFP-893-85816
1473149742:http:disable:alliance:SNH-766-33920
1473168119:http:enable:resttemp:SFP-893-85816
1474496232:http:disable:jmakhoul:OSK-128-23639
1474665094:http:enable:alliance:SNH-766-33920
1475611369:http:enable:jmakhoul:OSK-128-23639
1476295452:http:disable:jmakhoul:FMW-723-46783
1476299671:http:enable:jmakhoul:FMW-723-46783
1476383235:http:disable:jmakhoul:WHQ-843-26992
1476469890:http:disable:khosrov:DXE-903-74816
1476530736:http:disable:james948:ZJM-394-63813
1476554214:http:enable:james948:ZJM-394-63813
1476752907:http:enable:jmakhoul:WHQ-843-26992
1477207923:http:disable:jolib:IET-300-45720
------------------------------------------------------------------------------------------------
to figure out help hours for agents, so i copied the chart results of the hh page output into a text file and ran the following.
sum_min += $4 this means add up all values in column 4 and assign the output to sum_min
sum_hour=int(hours+(sum_min/60) i had to use int here because, by default, awk numbers are always floating point.
awk -F "[\t:]" '{OFS=":"}$1!~/[A-Za-z]+/{sum_min += $4;min=sum_min%60;hours+=$3;sum_hour=int(hours+(sum_min/60))}END{print sum_hour,min}' hh_checker
------------------------------------------------------------------------------------------------
TO OUTPUT INTO CSV
------------------------------------------------------------------------------------------------
awk -F"\t" '{OFS=","}{print $1,$2,$3}' cheri-final1.csv > zzz.csv
1
# Add comma as separator (as original comma)
2
awk -F"," '{OFS=","}{print $1,$2,$3}' AviationData.csv > Filtered_AviationData_threefields.csv
3
# Add vertical bar as separator (as original vertical bar)
4
awk -F"|" '{OFS="|"}{print $1,$2,$3}' AviationData.vsv > Filtered_AviationData_threefields.vsv
5
# Add tab as separator (changed from ,)
6
awk -F"," '{OFS="\t"}{print $1,$2,$3}' AviationData.csv > Filtered_AviationData_threefields.tsv
------------------------------------------------------------------------------------------------
Using awk
for i in $(cat blah) ; do echo /home/hgbackupdir/restore.pl $(echo $i |awk -F_ '{print $1}') mysql $i ; done------------------------------------------------------------------------------------------------
cat xxx | while read i ; do awk '/$i/{system("touch ~"$2"/.skip_nextdb,hg_backup")}' /etc/userdomains;done
cat xxx | while read i ; do awk '/'$i'/{system("touch ~"$2"/.skip_nextdb,hg_backup")}' /etc/userdomains; done
awk '$7~/hostgator.com/{gsub(".hostgator.com.*$","");print$7}' exim.alerts
br58
gator4093
gator4112
br60
!_[$2]++
------------------------------------------------------------------------------------------------
awk '/Updated:/{flag=1;next}/\#\t+\#/{flag=0}{gsub("^#","*");gsub("\t#","")}flag' amc_0.3.py
Replaced checkown function with
pwd.getpwuid.
Replaced %s with .format
Removed unecessary logic in logfile.
This is actually pulling from the top of the file output below.

#!/usr/bin/python

#########################################
# #
# Script: Archive Malicious Content #
# Author: Andrew Narunsky #
# Version: 0.3 #
# #
#########################################
# #
# Updated: #
# Replaced checkown function with #
# pwd.getpwuid. #
# Replaced %s with .format #
# Removed unecessary logic in logfile. #
# #
#########################################
# #
# To Do: #
# Get hash for files. #
# Add flag for more hash checking. #
# Add flag for timestamp checking. #
# #
#########################################
------------------------------------------------------------------------------------------------
cpmp() { egrep -sc "${1?Please specify a string.}" /usr/local/apache/domlogs/* | awk -F':' '{if ($NF > 0) print $NF,$1}' | sort -n ; } ; cpmp 187.158.5.15
------------------------------------------------------------------------------------------------
4.5 Specifying How Fields Are Separated

Default Field Splitting:	How fields are normally separated.
Regexp Field Splitting:	Using regexps as the field separator.
Single Character Fields:	Making each character a separate field.
Command Line Field Separator:	Setting FS from the command line.
Full Line Fields:	Making the full line be a single field.
Field Splitting Summary:	Some final points and a summary table.
The field separator, which is either a single character or a regular expression, controls the way awk splits an input record into fields. awk scans the input record for character sequences that match the separator; the fields themselves are the text between the matches.
In the examples that follow, we use the bullet symbol (•) to represent spaces in the output. If the field separator is ‘oo’, then the following line:

moo goo gai pan
is split into three fields: ‘m’, ‘•g’, and ‘•gai•pan’. Note the leading spaces in the values of the second and third fields.

The field separator is represented by the predefined variable FS. Shell programmers take note: awk does not use the name IFS that is used by the POSIX-compliant shells (such as the Unix Bourne shell, sh, or Bash).

The value of FS can be changed in the awk program with the assignment operator, ‘=’ (see Assignment Ops). Often, the right time to do this is at the beginning of execution before any input has been processed, so that the very first record is read with the proper separator. To do this, use the special BEGIN pattern (see BEGIN/END). For example, here we set the value of FS to the string ",":

awk 'BEGIN { FS = "," } ; { print $2 }'
Given the input line:

John Q. Smith, 29 Oak St., Walamazoo, MI 42139
this awk program extracts and prints the string ‘•29•Oak•St.’.

Sometimes the input data contains separator characters that don’t separate fields the way you thought they would. For instance, the person’s name in the example we just used might have a title or suffix attached, such as:

John Q. Smith, LXIX, 29 Oak St., Walamazoo, MI 42139
------------------------------------------------------------------------------------------------
awk -F : '{split($0, d, " |:"); m=(match("JanFebMarAprMayJunJulAugSepOctNovDec",d[2])+2)/3; ; if (d[3]=="") t=mktime(d[8]" "m" "d[4]" "d[5]" "d[6]" "d[7]);else t=mktime(d[7]" "m" "d[3]" "d[4]" "d[5]" "d[6]);c=(strftime("%s") - 5184000);}t>c{checksus = "grep -L SUSPEND /var/cpanel/users/"$NF" 2>/dev/null";checkoff = "ls -1 /home{,1,2,3,4}/"$NF"/public_html/{,*/}{OFERT,geoip,*pay*pal,combo-familia,barclays,santander,identificacao}* 2>/dev/null | head -1"; if (checksus|getline notsus) ; else notsus = 0 ; if (checkoff | getline off) ; else off = 0 ; if (notsus && off) print"\n"$0"\n"off ; close(notsus);close(checkof)}END{print""}' /var/cpanel/accounting.log

Fri Dec 23 15:28:27 2016:CREATE:root:root:retroman.us:192.185.128.171:retroma3
/home2/retroma3/public_html/includes/paypalconfig.php

Sat Dec 24 21:28:30 2016:CREATE:root:root:kosakatadesign.com:192.185.128.171:kosakata
/home2/kosakata/public_html/tools/geoip:

Sun Dec 25 18:53:54 2016:CREATE:root:root:wikeshop.net:192.185.128.171:wikeshop
/home1/wikeshop/public_html/tools/geoip:

Mon Dec 26 20:23:34 2016:CREATE:root:root:murddyeffy.com:192.185.128.172:murddyef
/home1/murddyef/public_html/includes/paypalconfig.php

Tue Dec 27 11:23:03 2016:CREATE:root:root:casasbahia-sslblindados.com:192.185.128.171:casasbb8
/home1/casasbb8/public_html/home/OFERTAS.zip

Wed Dec 28 12:12:08 2016:CREATE:root:root:casas-bahias.com:192.185.128.171:casasbc0
/home1/casasbc0/public_html/images/santander.jpg
------------------------------------------------------------------------------------------------
awk -F \" 'BEGIN{OFS=","}/^[0-9]/{udata=$0}$2=="status"{status=$4}{if($2=="reason"&&$4!="")print udata,status,$4;else if($2=="reason"&&$4=="")print udata,status}' /home/${user}/.cpanel/backup_status
------------------------------------------------------------------------------------------------
Example list
------------------------------------------------------------------------------------------------
[root@gator2007 ~]# cat list2
1708371 1684080 platinum gator2007.hostgator.com
1635639 1684091 mrpierre gator2007.hostgator.com
1708386 1684095 ldoogs1 gator2007.hostgator.com
1708442 1684145 kraegerb gator2007.hostgator.com
1708478 1684182 nongtae gator2007.hostgator.com
1708567 1684275 siammap gator2007.hostgator.com
------------------------------------------------------------------------------------------------
Example Output
------------------------------------------------------------------------------------------------
cat list2 | while read bid pkgid user hname; do nas=$(awk -F \" 'BEGIN{OFS=","}/^[0-9]/{udata=$0}$2=="status"{status=$4}{if($2=="reason"&&$4!="")print udata,status,$4;else if($2=="reason"&&$4=="")print udata,status}' /home/${user}/.cpanel/backup_status) ; echo "$bid,$pkgid,$user$nas"; done
1708371,1684080,platinum,failed,disk
1635639,1684091,mrpierre,finished
1708386,1684095,ldoogs1,finished
1708442,1684145,kraegerb,finished
1708478,1684182,nongtae,failed,inode
1708567,1684275,siammap,finished