- 对目录进行排序
FS 表示 awk 分隔符ls | awk -v FS="Capture-" '{print $2}'|sort -n -t "-" -k 1 ls | sort -n -t "-" -k 5
-n 表示按照数字大小排序
-t 表示 sort 命令的分隔符
2. 显示独有的字符串
ls | awk -v FS="-" '{print $2}'|uniq -c查看标签类别个数
cat CTU-IoT-Malware-Capture-1-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c筛选某一列为指定内容
cat CTU-IoT-Malware-Capture-43-1/bro/conn.log.labeled | awk '{if($2==123) print $0}' awk '{print $23}' CTU-IoT-Malware-Capture-1-1/bro/conn.log.labeled |sort|uniq -c awk '{if($3=="192.168.1.198" && $4==36934) print $0}' CTU-IoT-Malware-Capture-1-1/bro/conn.log.labeled |sort|uniq -c awk '{if($3=="192.168.1.198" && $4==36934) print $0}' CTU-IoT-Malware-Capture-43-1/bro/conn.log.labeled # 多条件搜索
$ cat CTU-IoT-Malware-Capture-1-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
469275 -
8 C&C
1 label
539465 PartOfAHorizontalPortScan
1 string
$ cat CTU-IoT-Malware-Capture-3-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
4536 -
5962 Attack
8 C&C
1 label
145597 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-7-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
75955 -
5778 C&C-HeartBeat
39584 DDoS
1 label
11333397 Okiru
1 string
cat CTU-IoT-Malware-Capture-8-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
2181 -
8222 C&C
1 label
1 string
cat CTU-IoT-Malware-Capture-9-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
22548 -
1 label
6355745 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-17-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
31438 -
4 Attack
6834 C&C-HeartBeat
13655172 DDoS
1 label
13655215 Okiru
27311187 PartOfAHorizontalPortScan
5 PartOfAHorizontalPortScan-Attack
1 string
cat CTU-IoT-Malware-Capture-20-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
3193 -
16 C&C-Torii
1 label
1 string
cat CTU-IoT-Malware-Capture-21-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
3272 -
14 C&C-Torii
1 label
1 string
cat CTU-IoT-Malware-Capture-33-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
1380791 -
5278 C&C-HeartBeat
1 label
13609467 Okiru
39459055 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-34-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
1923 -
6706 C&C
14394 DDoS
1 label
122 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-35-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
8262389 -
3 Attack
81 C&C
12 C&C-FileDownload
2185302 DDoS
1 label
1 string
cat CTU-IoT-Malware-Capture-36-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
2663 -
15688 C&C-HeartBeat
1 label
13626744 Okiru
3 Okiru-Attack
1 string
cat CTU-IoT-Malware-Capture-39-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
7337 -
677 Attack
1530 C&C
1 label
73559437 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-42-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
4420 -
3 C&C-FileDownload
3 FileDownload
1 label
1 string
cat CTU-IoT-Malware-Capture-43-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
20574934 -
3498 C&C
14 C&C-FileDownload
65803 DDoS
1 FileDownload
1 label
8765885 Okiru
37911674 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-44-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
211 -
14 C&C
11 C&C-FileDownload
1 DDoS
1 label
1 string
cat CTU-IoT-Malware-Capture-48-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
3734 -
2752 Attack
834 C&C-HeartBeat-Attack
11 C&C-HeartBeat-FileDownload
888 C&C-PartOfAHorizontalPortScan
1 label
3386119 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-49-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
3665 -
1922 C&C
1 C&C-FileDownload
14 FileDownload
1 label
5404959 PartOfAHorizontalPortScan
1 strin
cat CTU-IoT-Malware-Capture-52-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
1794 -
6 C&C
12 C&C-FileDownload
2 C&C-Mirai
1 label
19779564 PartOfAHorizontalPortScan
1 string
cat CTU-IoT-Malware-Capture-60-1/bro/conn.log.labeled | awk '{print $23}'|sort|uniq -c
7
2476 -
95 C&C-HeartBeat
3578457 DDoS
1 label
1 string
