4

我在接收到的 snmp 陷阱的 bash 变量集中有以下输出:

回声 $var

Nov 27 16:20:34 witness logger: trap: vars: DISMAN-EVENT-MIB::sysUpTimeInstance = 0:6:10:29.06,  SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.11.2.29.2.90.0.10000002, SNMPv2 SMI::enterprises.11.2.29.2.90.1 = "Finished Number", SNMPv2-SMI::enterprises.11.2.29.2.90.2 = "Filter Cirteria: [called='3333']", SNMPv2-SMI::enterprises.11.2.29.2.90.3 = "Cleared", SNMPv2     SMI::enterprises.11.2.29.2.90.4 = "major Over-Flow alert on Finished Number for ['3333']", SNMPv2 SMI::enterprises.11.2.29.2.90.5 = "The Corresponding Metric Value is: 0.5", SNMPv2- SMI::enterprises.11.2.29.2.90.6 = "Over-Flow", SNMPv2-SMI::enterprises.11.2.29.2.90.7 = "Tue Nov 27 16:20:05 CET 2012"

我试图在变量中获得以下输出:

var1 = "Tue Nov 27 16:20:05 CET 2012"
var2 = "Finished Number"
var3 = "The Corresponding Metric Value is: 0.5"
var4 = "Cleared"
var5 = "major Over-Flow alert on Finished Number for ['3333']"

我正在考虑通过 awk 做到这一点

基于snmp OID:enterprise.11.2.29.2.90.4, enterprise.11.2.29.2.90.5, 11.2.29.2.90.6 等...

但似乎无法仅提取引用内容的内容“”

4

5 回答 5

3

似乎您想匹配双引号内的所有字符串,这是最容易完成的grep

$ echo $var | grep -o '"[^"]*"'

"Finished Number"
"Filter Cirteria: [called=3333]"
"Cleared"
"major Over-Flow alert on Finished Number for [3333]"
"The Corresponding Metric Value is: 0.5"
"Over-Flow"
"Tue Nov 27 16:20:05 CET 2012"

解释:

-o只打印匹配的那部分行。

"     # Match opening double quote
[^"]* # Match anything not a double quote
"     # Match closing double quote

希望这可以帮助您入门。

于 2012-11-27T16:31:30.493 回答
3

Perl 解决方案:

echo "$var" | perl -nE 'say "var", ++$x, "=$1" while /(".*?")/g'

输出:

var1="Finished Number"
var2="Filter Cirteria: [called='3333']"
var3="Cleared"
var4="major Over-Flow alert on Finished Number for ['3333']"
var5="The Corresponding Metric Value is: 0.5"
var6="Over-Flow"
var7="Tue Nov 27 16:20:05 CET 2012"
于 2012-11-27T16:17:51.987 回答
2

让我们从一些简单的事情开始,这样您就可以看到在使用时字段是如何分解的awk

echo "${var}" | awk 'BEGIN{FS="\""} {for (i=1; i<=NF; i++) {print "["i"]", $i}}'

或者,如果你的 shell 支持 herestrings:

awk 'BEGIN{FS="\""} {for (i=1; i<=NF; i++) {print "["i"]", $i}}' <<< "${var}"

输出:

[1] Nov 27 16:20:34 witness logger: trap: vars: DISMAN-EVENT-MIB::sysUpTimeInstance = 0:6:10:29.06,  SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.11.2.29.2.90.0.10000002, SNMPv2 SMI::enterprises.11.2.29.2.90.1 = 
[2] Finished Number
[3] , SNMPv2-SMI::enterprises.11.2.29.2.90.2 = 
[4] Filter Cirteria: [called='3333']
[5] , SNMPv2-SMI::enterprises.11.2.29.2.90.3 = 
[6] Cleared
[7] , SNMPv2     SMI::enterprises.11.2.29.2.90.4 = 
[8] major Over-Flow alert on Finished Number for ['3333']
[9] , SNMPv2 SMI::enterprises.11.2.29.2.90.5 = 
[10] The Corresponding Metric Value is: 0.5
[11] , SNMPv2- SMI::enterprises.11.2.29.2.90.6 = 
[12] Over-Flow
[13] , SNMPv2-SMI::enterprises.11.2.29.2.90.7 = 
[14] Tue Nov 27 16:20:05 CET 2012
[15]

现在根据需要选择字段:

var1=$(awk 'BEGIN{FS="\""} {print $14}' <<< "${var}")
var2=$(awk 'BEGIN{FS="\""} {print $2}' <<< "${var}")
var3=$(awk 'BEGIN{FS="\""} {print $10}' <<< "${var}")
var4=$(awk 'BEGIN{FS="\""} {print $6}' <<< "${var}")
var5=$(awk 'BEGIN{FS="\""} {print $8}' <<< "${var}")

解释:

  • awk 'BEGIN{FS="\""}: 这里我们awk用来分隔输入"
  • {print $14}':打印用引号括起来的特定字段
  • <<< "${var}": 如果可用,使用 herestring 代替 echo(见上文)
  • 这是假设您的格式在$var字段排序方面保持相对一致
于 2012-11-27T16:26:35.070 回答
1 
$ echo "$var" | awk -F\" 'BEGIN{n=split("14 2 10 6 8",v," ")} {for (i=1;i<=n;i++) printf "var%d = \"%s\"\n",i,$(v[i])}'
var1 = "Tue Nov 27 16:20:05 CET 2012"
var2 = "Finished Number"
var3 = "The Corresponding Metric Value is: 0.5"
var4 = "Cleared"
var5 = "major Over-Flow alert on Finished Number for ['3333']"

此外,也许更多你想要的,这里是如何用 awk 执行的结果填充一个 shell 数组:

$ IFS=$'\n' varArr=( $(echo "$var" | awk -F\" 'BEGIN{n=split("14 2 10 6 8",v," ")}
 {for (i=0;i<=n;i++) printf "\"%s\"\n",$(v[i])}') )

$ echo "${varArr[1]}"                                                         
"Tue Nov 27 16:20:05 CET 2012"

$ echo "${varArr[2]}"
"Finished Number"

$ echo "${varArr[3]}"
"The Corresponding Metric Value is: 0.5"

$ echo "${varArr[4]}"
"Cleared"

$ echo "${varArr[5]}"
"major Over-Flow alert on Finished Number for ['3333']"

如果您不想在文本周围加上引号,请不要在 awk 脚本中添加它们:

IFS=$'\n' varArr=( $(echo "$var" | awk -F\" 'BEGIN{n=split("14 2 10 6 8",v," ")}
{for (i=0;i<=n;i++) print $(v[i])}') )

以上两种方法都会将整个输入字符串放在 ${varArr[0]} 中。如果这是不可取的,这是一个微不足道的调整。

于 2012-11-27T20:58:25.840 回答
0

我最终使用了 awk 解决方案,但其他解决方案也很适合。谢谢大家。

val=$(echo $val |  awk '{for(i=1;i<=NF;i++)if($i~/is:/)print $(i+1)}' | cut -d\" -f 1)

有关信息,当接收到陷阱时,该脚本将在 snmptrapd 中使用,它会将日志放入消息中并对特定警报执行其他操作。

主循环如下:

vars=
while read oid val
do
if [ "$vars" = "" ]
  then
    vars="$oid = $val"
  else
    vars="$vars, $oid = $val" 
        if [ "$oid" == "SNMPv2-SMI::enterprises.11.2.29.2.90.5" ]
        then
          val=$(echo $val |  awk '{for(i=1;i<=NF;i++)if($i~/is:/)print $(i+1)}' | cut -d\" -f 1)
          /bin/logger "found: value 5:    $val "
          val5=$val
        fi
 fi
done
于 2013-03-28T08:18:55.990 回答