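A few lines of bash to analyze logs and raise alerts about aggressive spiders

I have had enough of being crawled by idiot spiders. When I looked this morning, 2 IPs had fetched 80G of my pages in a single hour, and all of them were dynamic pages.

First, make Apache log as little as possible; the benefits need no explanation.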


SetEnvIfNoCase Request_URI \.gif$ dontlog
SetEnvIfNoCase Request_URI \.jpg$ dontlog
SetEnvIfNoCase Request_URI \.png$ dontlog
SetEnvIfNoCase Request_URI \.swf$ dontlog
SetEnvIfNoCase Request_URI \.css$ dontlog
SetEnvIfNoCase Request_URI \.js$ dontlog
SetEnvIfNoCase Request_URI \.ico$ dontlog
CustomLog "|/usr/local/sbin/cronolog /var/log/httpd/%Y-%m/%d-%H.ip" "%{X-Forwarded-For}i" env=!dontlog

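Because my Apache hides behind n layers of proxies, it can only log %{X-Forwarded-For}. That header contains the real IP, but a further analysis step is needed to extract it.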


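cd /var/log/httpd || exit 1
# Log file for the previous hour, as named by the cronolog pattern above
f=$(date -d '1 hours ago' +%Y-%m/%d-%H.ip)
# Keep only the first address of each X-Forwarded-For line, count hits per IP, list the top 10
ip=$(sed 's#^\([0-9.]\{1,\}\).*#\1#' "$f" | awk '{a[$1]++} END{for(i in a){print a[i] " " i}}' | sort -rn | head)
# Post the top-10 list as a status update from the bot account
curl -u FANFOU_BOT_LOGIN:PASSWORD -d status="$ip" http://api.fanfou.com/statuses/update.xml
rm -- "$f"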

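In testing, analyzing one hour's 10M log takes only about 3 seconds, plus another second to send the alert to Fanfou. If the log recorded the real IP directly, the sed step could be dropped and the analysis should be a lot faster (the log file would be much smaller too).

When something extreme shows up that is not a regular search-engine spider, chop it off.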

iptables -A INPUT -s xxx.xxx.xxx.xxx/29 -j DROP

1 202.106.186.* 163 spider
2 202.108.36.* 163 spider
3 202.108.44.* 163 spider
4 202.108.45.* 163 spider
5 202.108.5.* 163 spider
6 202.108.9.* 163 spider
7 220.181.12.* 163 spider
8 220.181.13.* 163 spider
9 220.181.14.* 163 spider
10 220.181.15.* 163 spider
11 220.181.28.* 163 spider
12 220.181.31.* 163 spider
13 222.185.245.* 163 spider
14 202.165.100.* 3721 spider
15 220.181.19.* Baidu spider
16 159.226.50.* Baidu spider
17 202.108.11.* Baidu spider
18 202.108.22.* Baidu spider
19 202.108.23.* Baidu spider
20 202.108.249.* Baidu spider
21 202.108.250.* Baidu spider
22 61.135.145.* Baidu spider
23 61.135.146.* Baidu spider
24 64.124.85.* become.com
25 61.151.243.* china spider
26 202.165.96.* gais.cs.ccu.edu.tw
27 216.239.33.* google spider
28 216.239.35.* google spider
29 216.239.37.* google spider
30 216.239.39.* google spider
31 216.239.51.* google spider
32 216.239.53.* google spider
33 216.239.55.* google spider
34 216.239.57.* google spider
35 216.239.59.* google spider
36 64.233.161.* google spider
37 64.233.189.* google spider
38 66.102.11.* google spider
39 66.102.7.* google spider
40 66.102.9.* google spider
41 66.249.64.* google spider
42 66.249.65.* google spider
43 66.249.66.* google spider
44 66.249.71.* google spider
45 66.249.72.* google spider
46 72.14.207.* google spider
47 61.135.152.* iask spider
48 65.54.188.* msn spider
49 65.54.225.* msn spider
50 65.54.226.* msn spider
51 65.54.228.* msn spider
52 65.54.229.* msn spider
53 207.46.98.* msn spider
54 207.68.157.* msn spider
55 194.224.199.* noxtrumbot
56 220.181.8.* Outfox
57 221.239.209.* Outfox
58 217.212.224.* psbot
59 219.133.40.* QQ spider
60 202.96.170.* QQ spider
61 202.104.129.* QQ spider
62 61.135.157.* QQ spider
63 219.142.118.* sina spider
64 219.142.78.* sina spider
65 61.135.132.* sohu spider
66 220.181.26.* sohu spider
220.181.19.*
67 61.135.158.* tom spider
68 66.196.90.* yahoo spider
69 66.196.91.* yahoo spider
70 68.142.249.* yahoo spider
71 68.142.250.* yahoo spider
72 68.142.251.* yahoo spider
73 202.165.102.* yahoo China spider
74 202.160.178.* yahoo China spider
75 202.160.179.* yahoo China spider
76 202.160.180.* yahoo China spider
77 202.160.181.* yahoo China spider
78 202.160.183.* yahoo China spider
79 72.30.101.* yahoo spider
80 72.30.102.* yahoo spider
81 72.30.103.* yahoo spider
82 72.30.104.* yahoo spider
83 72.30.107.* yahoo spider
84 72.30.110.* yahoo spider
85 72.30.111.* yahoo spider
86 72.30.128.* yahoo spider
87 72.30.129.* yahoo spider
88 72.30.131.* yahoo spider
89 72.30.133.* yahoo spider
90 72.30.134.* yahoo spider
91 72.30.135.* yahoo spider
92 72.30.216.* yahoo spider
93 72.30.226.* yahoo spider
94 72.30.252.* yahoo spider
95 72.30.97.* yahoo spider
96 72.30.98.* yahoo spider
97 72.30.99.* yahoo spider
98 74.6.74.* yahoo spider
99 202.108.4.* Zhongsou spider
100 202.108.4.* Zhongsou spider
101 202.108.33.* Zhongsou spider
102 202.96.51.* Zhongsou spider
103 219.142.53.* Zhongsou spider
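
An added example, not the author's script: the same hourly count done in awk, but picking the client address by counting trusted proxy hops from the right of X-Forwarded-For (entries further left are supplied by the client and can be forged) and skipping prefixes written in the format of the spider list above. The function names, the hop count of 3 and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script); names and sample data are hypothetical.

# sample_log: constructed hourly log, one X-Forwarded-For value per line, as
# written by the CustomLog directive. Assumes three proxies in front of Apache,
# so a clean request is logged as "client, proxy1, proxy2".
sample_log() {
cat <<'EOF'
198.51.100.7, 10.0.0.2, 10.0.0.3
198.51.100.7, 10.0.0.2, 10.0.0.3
198.51.100.7, 10.0.0.2, 10.0.0.3
66.249.66.1, 10.0.0.2, 10.0.0.3
66.249.66.1, 10.0.0.2, 10.0.0.3
192.0.2.1, 203.0.113.9, 10.0.0.2, 10.0.0.3
203.0.113.9, 10.0.0.2, 10.0.0.3
-
EOF
}

# heavy_hitters HOPS MIN "PREFIX.* PREFIX.* ..." < log
# Prints "count ip" for every client with at least MIN hits, busiest first.
heavy_hitters() {
    awk -F'[ ,]+' -v hops="$1" -v min="$2" -v allow="$3" '
        BEGIN { k = split(allow, pre, " ")
                for (i = 1; i <= k; i++) sub(/\*$/, "", pre[i]) }  # "66.249.66.*" -> "66.249.66."
        {
            idx = NF - hops + 1        # entry appended by the outermost trusted proxy
            if (idx < 1) next          # too few entries: "-" or a malformed line
            ip = $idx
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            for (i = 1; i <= k; i++) if (index(ip, pre[i]) == 1) next  # known spider range
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# The sixth sample line carries a forged leading entry (192.0.2.1); it is
# counted against 203.0.113.9, the address the first trusted proxy saw.
sample_log | heavy_hitters 3 2 '66.249.66.* 216.239.33.*'
```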

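iPhone 1.1.3/1.1.4 complete jailbreak guide

First, use iTunes to upgrade the iPhone to 1.1.3/1.1.4
Then run ZiPhone to activate, jailbreak and unlock...
Install OpenSSH
Log in as root, password: alpine
To be safe: # chmod -x /usr/bin/passwd
Generate a password here, with /s as the salt, and use it to replace the root password (/etc/master.passwd)
Then move /Application /Library to the second partition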

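Sorting the iPhone address book by pinyin

Install PHP on the iPhone
Save the code as py.php
Log in to the iPhone over ssh, or install Term-vt100 on the iPhone
Run php py.php and wait for the restart to finish
Done

The set of supported Chinese characters seems quite limited; it looks like I will have to build a pinyin table of my own. This one was found online.

py.php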

[code lang="php"]
<?php
/**
 * @version 0.2beta
 */
error_reporting(0);
// The later assignment wins; keep only the line that matches the firmware.
$sqlite_file = '/private/var/root/Library/AddressBook/AddressBook.sqlitedb'; // versions before 1.1.3
$sqlite_file = '/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb'; // 1.1.3 and later
if (!file_exists($sqlite_file)) {
    println("SQLiteDB:File Notfound.");
    die;
}
$dsn = "sqlite:{$sqlite_file}";
try {
    $dbh = new PDO($dsn);
    println("Open {$dsn} OK.");
} catch (Exception $e) {
    println("Open {$dsn} ERROR:".$e->getMessage());
    die;
}
$stmt = $dbh->query("SELECT ROWID, First, Last FROM ABPerson");
// Bound parameters, so a name containing a quote cannot break the UPDATE
$update = $dbh->prepare("UPDATE ABPerson SET FirstSort = ?, LastSort = ? WHERE ROWID = ?");
while ($person = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $first = ucfirst(Py::parse(u2g($person['First'])));
    $last = ucfirst(Py::parse(u2g($person['Last'])));
    $update->execute(array($first, $last, $person['ROWID']));
    println("{$person['ROWID']}\tOK.");
}
println("done.");
println("rebooting...");
system('launchctl stop com.apple.SpringBoard');

// Convert UTF-8 to GBK; the lookup table below is keyed on GBK code values
function u2g($str) {
    return iconv('utf-8', 'gbk', $str);
}

function println($str) {
    echo "$str\n";
    flush();
}

class Py {
    // Pinyin syllable and the first (signed) GBK code that maps to it, in ascending order
    private static $table = array(
        array("a",-20319),
        array("ai",-20317),
        array("an",-20304),
        array("ang",-20295),
        array("ao",-20292),
        array("ba",-20283),
        array("bai",-20265),
        array("ban",-20257),
        array("bang",-20242),
        array("bao",-20230),
        array("bei",-20051),
        array("ben",-20036),
        array("beng",-20032),
        array("bi",-20026),
        array("bian",-20002),
        array("biao",-19990),
        array("bie",-19986),
        array("bin",-19982),
        array("bing",-19976),
        array("bo",-19805),
        array("bu",-19784),
        array("ca",-19775),
        array("cai",-19774),
        array("can",-19763),
        array("cang",-19756),
        array("cao",-19751),
        array("ce",-19746),
        array("ceng",-19741),
        array("cha",-19739),
        array("chai",-19728),
        array("chan",-19725),
        array("chang",-19715),
        array("chao",-19540),
        array("che",-19531),
        array("chen",-19525),
        array("cheng",-19515),
        array("chi",-19500),
        array("chong",-19484),
        array("chou",-19479),
        array("chu",-19467),
        array("chuai",-19289),
        array("chuan",-19288),
        array("chuang",-19281),
        array("chui",-19275),
        array("chun",-19270),
        array("chuo",-19263),
        array("ci",-19261),
        array("cong",-19249),
        array("cou",-19243),
        array("cu",-19242),
        array("cuan",-19238),
        array("cui",-19235),
        array("cun",-19227),
        array("cuo",-19224),
        array("da",-19218),
        array("dai",-19212),
        array("dan",-19038),
        array("dang",-19023),
        array("dao",-19018),
        array("de",-19006),
        array("deng",-19003),
        array("di",-18996),
        array("dian",-18977),
        array("diao",-18961),
        array("die",-18952),
        array("ding",-18783),
        array("diu",-18774),
        array("dong",-18773),
        array("dou",-18763),
        array("du",-18756),
        array("duan",-18741),
        array("dui",-18735),
        array("dun",-18731),
        array("duo",-18722),
        array("e",-18710),
        array("en",-18697),
        array("er",-18696),
        array("fa",-18526),
        array("fan",-18518),
        array("fang",-18501),
        array("fei",-18490),
        array("fen",-18478),
        array("feng",-18463),
        array("fo",-18448),
        array("fou",-18447),
        array("fu",-18446),
        array("ga",-18239),
        array("gai",-18237),
        array("gan",-18231),
        array("gang",-18220),
        array("gao",-18211),
        array("ge",-18201),
        array("gei",-18184),
        array("gen",-18183),
        array("geng",-18181),
        array("gong",-18012),
        array("gou",-17997),
        array("gu",-17988),
        array("gua",-17970),
        array("guai",-17964),
        array("guan",-17961),
        array("guang",-17950),
        array("gui",-17947),
        array("gun",-17931),
        array("guo",-17928),
        array("ha",-17922),
        array("hai",-17759),
        array("han",-17752),
        array("hang",-17733),
        array("hao",-17730),
        array("he",-17721),
        array("hei",-17703),
        array("hen",-17701),
        array("heng",-17697),
        array("hong",-17692),
        array("hou",-17683),
        array("hu",-17676),
        array("hua",-17496),
        array("huai",-17487),
        array("huan",-17482),
        array("huang",-17468),
        array("hui",-17454),
        array("hun",-17433),
        array("huo",-17427),
        array("ji",-17417),
        array("jia",-17202),
        array("jian",-17185),
        array("jiang",-16983),
        array("jiao",-16970),
        array("jie",-16942),
        array("jin",-16915),
        array("jing",-16733),
        array("jiong",-16708),
        array("jiu",-16706),
        array("ju",-16689),
        array("juan",-16664),
        array("jue",-16657),
        array("jun",-16647),
        array("ka",-16474),
        array("kai",-16470),
        array("kan",-16465),
        array("kang",-16459),
        array("kao",-16452),
        array("ke",-16448),
        array("ken",-16433),
        array("keng",-16429),
        array("kong",-16427),
        array("kou",-16423),
        array("ku",-16419),
        array("kua",-16412),
        array("kuai",-16407),
        array("kuan",-16403),
        array("kuang",-16401),
        array("kui",-16393),
        array("kun",-16220),
        array("kuo",-16216),
        array("la",-16212),
        array("lai",-16205),
        array("lan",-16202),
        array("lang",-16187),
        array("lao",-16180),
        array("le",-16171),
        array("lei",-16169),
        array("leng",-16158),
        array("li",-16155),
        array("lia",-15959),
        array("lian",-15958),
        array("liang",-15944),
        array("liao",-15933),
        array("lie",-15920),
        array("lin",-15915),
        array("ling",-15903),
        array("liu",-15889),
        array("long",-15878),
        array("lou",-15707),
        array("lu",-15701),
        array("lv",-15681),
        array("luan",-15667),
        array("lue",-15661),
        array("lun",-15659),
        array("luo",-15652),
        array("ma",-15640),
        array("mai",-15631),
        array("man",-15625),
        array("mang",-15454),
        array("mao",-15448),
        array("me",-15436),
        array("mei",-15435),
        array("men",-15419),
        array("meng",-15416),
        array("mi",-15408),
        array("mian",-15394),
        array("miao",-15385),
        array("mie",-15377),
        array("min",-15375),
        array("ming",-15369),
        array("miu",-15363),
        array("mo",-15362),
        array("mou",-15183),
        array("mu",-15180),
        array("na",-15165),
        array("nai",-15158),
        array("nan",-15153),
        array("nang",-15150),
        array("nao",-15149),
        array("ne",-15144),
        array("nei",-15143),
        array("nen",-15141),
        array("neng",-15140),
        array("ni",-15139),
        array("nian",-15128),
        array("niang",-15121),
        array("niao",-15119),
        array("nie",-15117),
        array("nin",-15110),
        array("ning",-15109),
        array("niu",-14941),
        array("nong",-14937),
        array("nu",-14933),
        array("nv",-14930),
        array("nuan",-14929),
        array("nue",-14928),
        array("nuo",-14926),
        array("o",-14922),
        array("ou",-14921),
        array("pa",-14914),
        array("pai",-14908),
        array("pan",-14902),
        array("pang",-14894),
        array("pao",-14889),
        array("pei",-14882),
        array("pen",-14873),
        array("peng",-14871),
        array("pi",-14857),
        array("pian",-14678),
        array("piao",-14674),
        array("pie",-14670),
        array("pin",-14668),
        array("ping",-14663),
        array("po",-14654),
        array("pu",-14645),
        array("qi",-14630),
        array("qia",-14594),
        array("qian",-14429),
        array("qiang",-14407),
        array("qiao",-14399),
        array("qie",-14384),
        array("qin",-14379),
        array("qing",-14368),
        array("qiong",-14355),
        array("qiu",-14353),
        array("qu",-14345),
        array("quan",-14170),
        array("que",-14159),
        array("qun",-14151),
        array("ran",-14149),
        array("rang",-14145),
        array("rao",-14140),
        array("re",-14137),
        array("ren",-14135),
        array("reng",-14125),
        array("ri",-14123),
        array("rong",-14122),
        array("rou",-14112),
        array("ru",-14109),
        array("ruan",-14099),
        array("rui",-14097),
        array("run",-14094),
        array("ruo",-14092),
        array("sa",-14090),
        array("sai",-14087),
        array("san",-14083),
        array("sang",-13917),
        array("sao",-13914),
        array("se",-13910),
        array("sen",-13907),
        array("seng",-13906),
        array("sha",-13905),
        array("shai",-13896),
        array("shan",-13894),
        array("shang",-13878),
        array("shao",-13870),
        array("she",-13859),
        array("shen",-13847),
        array("sheng",-13831),
        array("shi",-13658),
        array("shou",-13611),
        array("shu",-13601),
        array("shua",-13406),
        array("shuai",-13404),
        array("shuan",-13400),
        array("shuang",-13398),
        array("shui",-13395),
        array("shun",-13391),
        array("shuo",-13387),
        array("si",-13383),
        array("song",-13367),
        array("sou",-13359),
        array("su",-13356),
        array("suan",-13343),
        array("sui",-13340),
        array("sun",-13329),
        array("suo",-13326),
        array("ta",-13318),
        array("tai",-13147),
        array("tan",-13138),
        array("tang",-13120),
        array("tao",-13107),
        array("te",-13096),
        array("teng",-13095),
        array("ti",-13091),
        array("tian",-13076),
        array("tiao",-13068),
        array("tie",-13063),
        array("ting",-13060),
        array("tong",-12888),
        array("tou",-12875),
        array("tu",-12871),
        array("tuan",-12860),
        array("tui",-12858),
        array("tun",-12852),
        array("tuo",-12849),
        array("wa",-12838),
        array("wai",-12831),
        array("wan",-12829),
        array("wang",-12812),
        array("wei",-12802),
        array("wen",-12607),
        array("weng",-12597),
        array("wo",-12594),
        array("wu",-12585),
        array("xi",-12556),
        array("xia",-12359),
        array("xian",-12346),
        array("xiang",-12320),
        array("xiao",-12300),
        array("xie",-12120),
        array("xin",-12099),
        array("xing",-12089),
        array("xiong",-12074),
        array("xiu",-12067),
        array("xu",-12058),
        array("xuan",-12039),
        array("xue",-11867),
        array("xun",-11861),
        array("ya",-11847),
        array("yan",-11831),
        array("yang",-11798),
        array("yao",-11781),
        array("ye",-11604),
        array("yi",-11589),
        array("yin",-11536),
        array("ying",-11358),
        array("yo",-11340),
        array("yong",-11339),
        array("you",-11324),
        array("yu",-11303),
        array("yuan",-11097),
        array("yue",-11077),
        array("yun",-11067),
        array("za",-11055),
        array("zai",-11052),
        array("zan",-11045),
        array("zang",-11041),
        array("zao",-11038),
        array("ze",-11024),
        array("zei",-11020),
        array("zen",-11019),
        array("zeng",-11018),
        array("zha",-11014),
        array("zhai",-10838),
        array("zhan",-10832),
        array("zhang",-10815),
        array("zhao",-10800),
        array("zhe",-10790),
        array("zhen",-10780),
        array("zheng",-10764),
        array("zhi",-10587),
        array("zhong",-10544),
        array("zhou",-10533),
        array("zhu",-10519),
        array("zhua",-10331),
        array("zhuai",-10329),
        array("zhuan",-10328),
        array("zhuang",-10322),
        array("zhui",-10315),
        array("zhun",-10309),
        array("zhuo",-10307),
        array("zi",-10296),
        array("zong",-10281),
        array("zou",-10274),
        array("zu",-10270),
        array("zuan",-10262),
        array("zui",-10260),
        array("zun",-10256),
        array("zuo",-10254)
    );

    private function __construct() {}

    // Map one code value to a string: ASCII passes through, GBK codes map to pinyin
    private static function get($num) {
        if ($num > 0 && $num < 160) {
            return chr($num);
        } elseif ($num < -20319 || $num > -10247) {
            return '';
        } else {
            // Walk down from the end to the last entry whose start code is <= $num
            for ($i = count(self::$table) - 1; $i >= 0; $i--) {
                if (self::$table[$i][1] <= $num) break;
            }
            return self::$table[$i][0];
        }
    }

    public static function parse($str) {
        if (empty($str)) {
            return '';
        }
        $r = "";
        for ($i = 0; $i < strlen($str); $i++) {
            $p = ord(substr($str, $i, 1));
            if ($p > 160) {
                // Lead byte of a two-byte GBK character: combine with the next byte
                $q = ord(substr($str, ++$i, 1));
                $p = $p * 256 + $q - 65536;
            }
            $r .= self::get($p);
        }
        return $r;
    }
}
?>
[/code]

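----
update: changed rebooting the iPhone to restarting SpringBoard
update: fixed a logic error in the code and improved a description, 2008/4/6
update: from iPhone 1.1.3 on, the database path changed

It's all dash's fault

A problem that plagued me for a whole spring!
Ubuntu
One day I downloaded nerolinux and installed it
The installation failed, reporting an error in some script; it looked like a syntax error
Since it failed, I removed it
The removal failed too, with the same error
As a result, apt-get reported this error every time it was used
After several attempts to fix it, Synaptic would no longer run properly
I had the CD ready for a reinstall
Meanwhile I kept looking for hope; searching all over Google turned up no correct answer
The errors included: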

dpkg (子进程):无法执行新的 post-removal script: No such file or directory
dpkg: 作下列清理工作时发生错误:
子进程·post-removal script·返回了错误号·2
在处理时有错误发生:
————————————-
软件包nerolinux 需要重新安装,但是我无法找到相应的安装文件。

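I took a close look at the offending file
/var/lib/dpkg/info/nerolinux.xxx
On opening it, the syntax looked a little unusual; I saw the word function
Then I looked at the header: #!/bin/sh
Changing it to #!/bin/bash solved the problem
ls -l /bin/sh shows that it is a link to dash, not bash
It has been this way since Ubuntu 6.10, which is a real headache; many scripts have trouble running
I have seen people, just to install one piece of software, first point sh at bash, do the install, and then point sh back at dash

Damn it, I am not changing it back; I have not seen any script misbehave either!
Finally, I do not know what this dash thing is. I was going to curse it out, but... never mind...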
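
An added example, not part of the original post: a small scan that flags scripts with a #!/bin/sh shebang that still use the bash-only function keyword or [[ ]] tests, which is the combination described above. The function names and the sample files are constructed for illustration; on a real system the directory argument could be /var/lib/dpkg/info.

```shell
#!/bin/sh
# Added example: flag scripts that declare #!/bin/sh but use bash-only syntax.

# sh_bashisms DIR: print "file:line:text" for each suspicious line.
sh_bashisms() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Only a /bin/sh shebang is affected when /bin/sh points at dash.
        head -n 1 "$f" | grep -Eq '^#![[:space:]]*/bin/sh([[:space:]]|$)' || continue
        # "function name" definitions and [[ ]] tests are bash syntax, not POSIX sh.
        grep -HnE '^[[:space:]]*function[[:space:]]+[A-Za-z_]|(^|[[:space:];])\[\[[[:space:]]' "$f" || true
    done
}

# make_samples: build a temp dir holding constructed maintainer-style scripts
# (hypothetical file names, not real package scripts) and print its path.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nfunction cleanup {\n  rm -f /tmp/x\n}\ncleanup\n' > "$d/pkg-a.postrm"
    printf '#!/bin/sh\ncleanup() {\n  rm -f /tmp/x\n}\ncleanup\n' > "$d/pkg-b.postrm"
    printf '#!/bin/bash\nfunction cleanup {\n  :\n}\ncleanup\n' > "$d/pkg-c.postrm"
    echo "$d"
}

dir=$(make_samples)
sh_bashisms "$dir"      # reports only pkg-a.postrm, line 2
rm -rf "$dir"
```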

ssh SendEnv problem

The remote host does not support zh_CN.UTF-8, but my machine uses it
When connecting with ssh:

debug1: Sending environment.
debug1: Sending env LANG = zh_CN.UTF-8
debug1: Sending env LC_CTYPE = zh_CN.UTF-8

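This stops many programs on the remote side from running

My view is that since it is a remote host, it is better not to bother and to let it use its own locale

Edit
/etc/ssh/ssh_config
and comment out SendEnv LANG LC_*
That is all

More on the jre / ZendStudio Chinese font problem

After going through a fair amount of material, I finally have a result
It turns out to be this simple:

Copy the Courier New font files into jre/lib/fonts/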

cd xxx/jre/lib/fonts
mkfontscale
cp fonts.scale fonts.dir
cd ../
cp fontconfig.properties.src fontconfig.properties
vi fontconfig.properties

Modify the relevant entries:

monospaced.plain.latin-1=-monotype-courier new-medium-r-normal--0-0-0-0-m-0-iso8859-1
monospaced.bold.latin-1=-monotype-courier new-bold-r-normal--0-0-0-0-m-0-iso8859-1
monospaced.italic.latin-1=-monotype-courier new-medium-i-normal--0-0-0-0-m-0-iso8859-1
monospaced.bolditalic.latin-1=-monotype-courier new-bold-i-normal--0-0-0-0-m-0-iso8859-1

Finally, cp a Chinese font you like into xxx/jre/fonts/fallback/
Open ZDE and set the font to monospaced
Now that feels good, take that!

Note: this method has only been tested on Ubuntu, and it does not apply to Windows. On systems such as SUSE or Red Hat, look at the fontconfig.xxxx files under xxx/jre/lib and make the corresponding changes for the current system (untested)

Related link: http://java.sun.com/j2se/1.5.0/docs/guide/intl/fontconfig.html

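Regular expressions in bash

Something like

$ ps ax | grep -v grep | grep httpd | tr -s ' ' | cut -d ' ' -f1

works quite well for getting a pid. Today, though, I needed to find out how long the program had been running, and that is more trouble because the time contains spaces
I dug through the man page for ages without finding a good solution. Then I switched to another machine, an Ubuntu one, and found that its ps is quite different and allows this:

$ ps -eo pid,lstart,args | grep httpd | grep -v grep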
2374 Wed Sep 13 00:41:59 2006 /usr/local/httpd/bin/httpd -k restart
2469 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
22470 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
22472 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
22474 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart

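The number at the front is the pid, Wed Sep 13 00:41:59 2006 in the middle is the start time, and everything after that is "args" (ps on Linux has the lstart field)
This is the awkward part: args is only there to match the process, and the time in the middle is what I actually want.
I looked further into grep's documentation (these little tools are powerful to a remarkable degree; reportedly a whole book has been written about sed alone), and a single -o option does the job

$ pid=$(ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o ^\ ?[0-9]+\ )

Note the trailing space, "\ "; it is a little safer this way
The resulting output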

2374
2469
22470
22472
22474

contains spaces, so add a tr:

$ pid=$(ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o ^\ ?[0-9]+\ | tr -d ' ')

By the same approach the time is simple too:

$ ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o \ [A-Z][a-zA-Z0-9\ :]+\ [0-9]{4}

Convert it to a timestamp:

$ ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o \ [A-Z][a-zA-Z0-9\ :]+\ [0-9]{4} | ……

Damn, I got stuck; whenever I had done this before it was by passing variables...

Fortunately an expert (hightman) pointed the way

$ ps -eo pid,lstart,args | grep httpd | grep -v grep | egrep -o \ [A-Z][a-zA-Z0-9\ :]+\ [0-9]{4} | xargs -ishit date -d "shit" +%s
1157349945
1158050727
1158144618
1158145964
1158147191
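
An added example, not from the original post: the same pid and start-time extraction done with awk field splitting instead of regular expressions, matching on the executable name so the grep -v grep step is not needed. The function names and the sample input are constructed (two rows copied from the output above plus a made-up grep row), and date -d assumes GNU date, as in the command above.

```shell
#!/bin/sh
# Added example: pid and start time as an epoch value from `ps -eo pid,lstart,args`.

# sample_ps: constructed stand-in for the output of `ps -eo pid,lstart,args`.
sample_ps() {
cat <<'EOF'
  PID                  STARTED COMMAND
 2374 Wed Sep 13 00:41:59 2006 /usr/local/httpd/bin/httpd -k restart
22470 Wed Sep 13 00:42:03 2006 /usr/local/httpd/bin/httpd -k restart
  901 Tue Sep 12 08:00:00 2006 grep httpd
EOF
}

# pid_start_epoch NAME < ps-output
# Prints "pid epoch" for each process whose executable basename is NAME.
pid_start_epoch() {
    awk -v name="$1" '
        NR == 1 && $1 == "PID" { next }     # skip the header row
        {
            n = split($7, parts, "/")       # field 7 is the command itself
            if (parts[n] != name) next      # compare the executable, not the arguments
            print $1, $2, $3, $4, $5, $6    # pid plus the five lstart fields
        }' |
    while read -r pid dow mon day hms year; do
        # lstart is local time; date -d interprets it in the current TZ
        echo "$pid $(date -d "$dow $mon $day $hms $year" +%s)"
    done
}

sample_ps | pid_start_epoch httpd
```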