linux - AWK string and value larger than -
i'm digging e-mail logs , want check e-mails exceeded specific size. practically, in log, have text 'size=' followed value. there way find values after word 'size=' exceed chosen limit ?
line examples:
sep 2 02:11:27 mailsys postfix/qmgr[2989]: f24c712000ba: from=<root@mail.ro>, size=462, nrcpt=1 (queue active) sep 2 03:19:54 mailsys postfix/qmgr[2989]: 863ae1200097: from=<c.ivan@mail.ro>, size=554, nrcpt=1 (queue active) sep 2 04:01:34 mailsys postfix/qmgr[2989]: a763712000ba: from=<nbounce-24-512645-898600-d25ee-bc28d1c8@nzadev.eu>, size=39992, nrcpt=1 (queue active) i output new text file lines exceed 10mb (10485760 bytes).
assuming size= preceded space, do:
awk -v min_size=10000 '{ size = 0 } ; / size=[[:digit:]]/ { size = $0 ; sub( /^.* size=/, "", size ) ; sub( /[^[:digit:]].*$/, "", size ) ; size += 0 } ; size > min_size { print }' file in details:
awk -v min_size ' { # reset size new line size = 0 } # process line including size= / size=[[:digit:]]/ { size = $0 # removing before size= sub( /^.* size=/, "", size ) # remove after digits sub( /[^[:digit:]].*$/, "", size ) # convert size number size += 0 } size > min_size { print }' file
Comments
Post a Comment