原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。 http://coolerfeng.blog.51cto.com/133059/58773
从DHCP的log中提取MAC和IP地址.
/var/lib/dhcpd/dhcp.lease中的一段记录如下:
lease 192.168.1.238 {
starts 0 2007/11/25 11:57:41;
ends 0 2007/11/25 17:57:41;
tstp 0 2007/11/25 17:57:41;
binding state free;
hardware ethernet 00:0c:29:ac:4e:01;
uid "\377eth0\000\001\000\001\016\354\015J\000\014)\254N\001";
}
# cat dhcpd.leases | egrep 'lease|hardware' | sed 's/lease//g' | sed 's/{//g' | sed 's/hardware ethernet//g
网友给的办法.测试了一下.重复的较多.主要是出现了.同一个MAC多次获取不同的IP地址的情况
在CU上找到更好的命令 [url]http://bbs.chinaunix.net/thread-980700-1-1.html[/url]
cat dhcpd.leases|awk 'BEGIN{RS=ORS="}"}{print $2,$21,"\n"}'
或者
awk 'BEGIN{RS=ORS="}"}{print $2,$21,"\n"}' dhcpd.leases
解释:
RS 输入的记录他隔符 新行
ORS 输出的记录分隔符 新行
从头查找,遇到}结束,显示第2和第21个字段.ip在第2个字段.mac在第21个字段.
这样出来的结果基本符合我们的要求.
All so
}192.168.1.250 00:0c:29:ac:4e:01;
}192.168.1.238 00:0c:29:ac:4e:01;
}192.168.1.241 00:0c:29:ac:4e:01;
}192.168.1.246 00:0c:29:ac:4e:01;
}192.168.1.248 00:0c:29:ac:4e:01;
}192.168.1.251 00:0c:29:05:ac:8a;
}192.168.1.253 00:0c:29:c2:b3:44;
}192.168.1.247 00:0a:eb:f3:39:dd;
}192.168.1.254 00:0c:29:c2:b3:44;
}192.168.1.249 00:0c:29:a8:c7:0a;
}192.168.1.245 00:0c:29:79:e2:aa;
}192.168.1.244 00:0c:29:79:e2:aa;
}192.168.1.243 00:0c:29:9d:e8:d8;
}192.168.1.240 00:0c:29:a8:59:21;
}192.168.1.242 00:0c:29:9d:e8:d8;
}192.168.1.239 00:16:d3:b6:1b:d2;
}
缺点就是第一行多了All so 每一行多了},也就是说我们要把这个结果再处理一下.
去掉第一行和最后一行,并把它排序.
改进一下命令,由于dhcpd.lease前面7行都是注释的内容,我们跳过这些行
tail -n +8 dhcpd.lease
从第8行开始显示dhcpd.lease文件
#tail -n +8 dhcpd.leases|less|awk 'BEGIN{RS=ORS="}"}{print $2,$21,"\n"}'
192.168.1.252 00:0c:29:ac:4e:01;
}192.168.1.250 00:0c:29:ac:4e:01;
}192.168.1.238 00:0c:29:ac:4e:01;
}192.168.1.241 00:0c:29:ac:4e:01;
}192.168.1.246 00:0c:29:ac:4e:01;
}192.168.1.248 00:0c:29:ac:4e:01;
}192.168.1.251 00:0c:29:05:ac:8a;
}192.168.1.253 00:0c:29:c2:b3:44;
}192.168.1.247 00:0a:eb:f3:39:dd;
}192.168.1.254 00:0c:29:c2:b3:44;
}192.168.1.249 00:0c:29:a8:c7:0a;
}192.168.1.245 00:0c:29:79:e2:aa;
}192.168.1.244 00:0c:29:79:e2:aa;
}192.168.1.243 00:0c:29:9d:e8:d8;
}192.168.1.240 00:0c:29:a8:59:21;
}192.168.1.242 00:0c:29:9d:e8:d8;
}192.168.1.239 00:16:d3:b6:1b:d2;
}
现在还有该死的},我们用sed命令把它替换掉.
#tail -n +8 dhcpd.leases|less|awk 'BEGIN{RS=ORS="}"}{print $2,$21,"\n"}'|sed 's/}//g'
192.168.1.252 00:0c:29:ac:4e:01;
192.168.1.250 00:0c:29:ac:4e:01;
192.168.1.238 00:0c:29:ac:4e:01;
192.168.1.241 00:0c:29:ac:4e:01;
192.168.1.246 00:0c:29:ac:4e:01;
192.168.1.248 00:0c:29:ac:4e:01;
192.168.1.251 00:0c:29:05:ac:8a;
192.168.1.253 00:0c:29:c2:b3:44;
192.168.1.247 00:0a:eb:f3:39:dd;
192.168.1.254 00:0c:29:c2:b3:44;
192.168.1.249 00:0c:29:a8:c7:0a;
192.168.1.245 00:0c:29:79:e2:aa;
192.168.1.244 00:0c:29:79:e2:aa;
192.168.1.243 00:0c:29:9d:e8:d8;
192.168.1.240 00:0c:29:a8:59:21;
192.168.1.242 00:0c:29:9d:e8:d8;
192.168.1.239 00:16:d3:b6:1b:d2;
我们再把结果排序一下,让它看上去舒服一些.
#tail -n +8 dhcpd.leases|less|awk 'BEGIN{RS=ORS="}"}{print $2,$21,"\n"}'|sed 's/}//g'|sort -n
192.168.1.238 00:0c:29:ac:4e:01;
192.168.1.239 00:16:d3:b6:1b:d2;
192.168.1.240 00:0c:29:a8:59:21;
192.168.1.241 00:0c:29:ac:4e:01;
192.168.1.242 00:0c:29:9d:e8:d8;
192.168.1.243 00:0c:29:9d:e8:d8;
192.168.1.244 00:0c:29:79:e2:aa;
192.168.1.245 00:0c:29:79:e2:aa;
192.168.1.246 00:0c:29:ac:4e:01;
192.168.1.247 00:0a:eb:f3:39:dd;
192.168.1.248 00:0c:29:ac:4e:01;
192.168.1.249 00:0c:29:a8:c7:0a;
192.168.1.250 00:0c:29:ac:4e:01;
192.168.1.251 00:0c:29:05:ac:8a;
192.168.1.252 00:0c:29:ac:4e:01;
192.168.1.253 00:0c:29:c2:b3:44;
192.168.1.254 00:0c:29:c2:b3:44;
如果只是单纯要IP或者MAC
列出IP
cat dhcpd.leases|grep -o '\<[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\>'
列出MAC
cat dhcpd.lease|grep -o '\<[0-9a-f]\{2\}:[0-9a-f]\{2\}:[0-9a-f]\{2\}:[0-9a-f]\{2\}:[0-9a-f]\{2\}:[0-9a-f]\{2\}\>'
本文出自 “风吹云动” 博客,请务必保留此出处http://coolerfeng.blog.51cto.com/133059/58773