定义收集时间区间: time.ps1
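# time.ps1 — dump every "System" log event with EventID 1 between 00:00:00
# yesterday and 23:59:00 today (the window the collector script analyses).
#
# The original built the start date by subtracting 1 from the 'dd' string, which
# yields day 0 (an unparseable date) on the first day of a month; DateTime
# arithmetic below handles month and year boundaries. Note that PowerShell
# variable names are case-insensitive, so $a/$A style pairs must not be used.
$today = (Get-Date).Date                  # midnight today
$start = $today.AddDays(-1)               # midnight yesterday  (was: yyyy-M-(dd-1)T00:00:00)
$end   = $today.AddHours(23).AddMinutes(59)  # 23:59:00 today   (was: yyyy-M-dT23:59:00)

Get-EventLog -LogName System -After $start -Before $end |
  Where-Object { $_.EventID -eq 1 } |
  Format-List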
使用salt分发time.ps1文件到各Windows server中:copydir.sls
# copydir.sls — push time.ps1 to a Windows minion and execute it.
# States under one ID are applied in definition order by default, so
# file.managed is expected to run before cmd.run.
# NOTE(review): no source_hash is given for the managed file, and cmd.run
# re-executes the script on every state apply — confirm both are intended.
copy_dir:
  file.managed:
    - name: C:\opstools\time.ps1
    - source: salt://zhouz/time.ps1
    - makedirs: 'True'
  cmd.run:
    - name: powershell.exe C:\opstools\time.ps1
使用脚本收集日志并分析
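#!/bin/bash
# Collect the Windows "System" event-log dumps produced by time.ps1 from every
# Salt minion, then normalise them so the two timestamps in each record can be
# compared (whole string, seconds, or sub-second part).
#
# Work directories (one file per minion, files are expected to be named BX*):
#   $fdir  (first)  raw `salt ... state.sls zhouz.copydir` output
#   $tdir  (third)  normalised for string comparison   (TreatLogsA / DisTimePeriod*)
#   $sdir  (second) normalised for sub-second diff     (TreatLogsB / LogsMillisecond)
#   $fodir (forth)  normalised for seconds diff        (TreatLogsC / LogsDay)
#
# Environment:
#   LOG_WORKDIR  base directory for the work directories (default /tmp). The
#                default keeps the original paths; set it to a private
#                directory when a shared /tmp cannot be trusted, because the
#                work directories are removed and recreated with rm -rf.
#   SALT_TARGET  salt target expression for the minions (default: the literal
#                placeholder 主机名 used by the original script).
set -u

base="${LOG_WORKDIR:-/tmp}"
readonly fdir="$base/first"
readonly sdir="$base/second"
readonly tdir="$base/third"
readonly fodir="$base/forth"
readonly salt_target="${SALT_TARGET:-主机名}"

#######################################
# Recreate a work directory empty.
# Arguments: $1 - directory path (${1:?} aborts instead of running rm -rf on
#                 an empty expansion)
# Returns:   0 on success, non-zero if rm or mkdir failed
#######################################
reset_dir() {
  local dir="${1:?reset_dir: directory required}"
  rm -rf -- "$dir" && mkdir -p -- "$dir"
}

#######################################
# Check that a value is usable as a bare file name inside a work directory.
# Minion IDs and the interactively entered host name are both used to build
# paths, so anything empty, containing "/" or starting with "." is rejected.
# Arguments: $1 - candidate name
# Returns:   0 if safe, 1 otherwise
#######################################
safe_name() {
  local name="$1"
  [[ -n "$name" && "$name" != */* && "$name" != .* ]]
}

#######################################
# Extract the ReplacementStrings records of a raw dump into one line each and
# apply a list of sed expressions to the result.
# Arguments: $1 - source file (raw salt output)
#            $2 - destination file (overwritten)
#            $3.. - sed expressions applied in order to $2
# Returns:   non-zero if the destination could not be written
#######################################
normalise_file() {
  local src="$1" dst="$2"
  shift 2
  # `xargs echo` joins the matched lines into a single line. It also interprets
  # quotes and backslashes in the input; kept for compatibility with the
  # original pipeline.
  grep -A 1 -- ReplacementStrings "$src" | xargs echo > "$dst" || return 1
  # Every record ends with "--": break the joined line there. This must stay a
  # separate sed run — a later [[:space:]] substitution would otherwise delete
  # the newlines just inserted while they are still in the pattern space.
  sed -i 's/--/&\n/g' "$dst"
  if (( $# > 0 )); then
    local -a args=()
    local expr
    for expr in "$@"; do
      args+=(-e "$expr")
    done
    sed -i "${args[@]}" "$dst"
  fi
}

#######################################
# Run the copydir state on every responding minion and keep the output.
# Globals:   fdir (recreated), salt_target (read)
# Outputs:   progress on stdout, skipped minion IDs on stderr
#######################################
ColLogs() {
  echo "收集原始系统日志:"
  reset_dir "$fdir" || return 1
  local host
  # `salt ... test.ping` prints "<id>:" followed by "    True"; keep the id
  # lines, strip the colon and any whitespace.
  while IFS= read -r host; do
    if ! safe_name "$host"; then
      printf 'skipping unsafe minion id: %q\n' "$host" >&2
      continue
    fi
    salt "$host" state.sls zhouz.copydir &> "$fdir/$host"
    printf '%s is ok\n' "$host"
  done < <(salt "$salt_target" test.ping | grep -v "True" | sed 's/://g; s/[[:space:]]//g')
}

#######################################
# Normalise raw dumps for whole-string comparison (DisTimePeriodA/B).
# Globals:   fdir (read), tdir (recreated)
#######################################
TreatLogsA() {
  echo "整理初始化日志(为对比天、小时、分钟、秒钟等字符串是否一致做准备):"
  reset_dir "$tdir" || return 1
  local src name
  for src in "$fdir"/BX*; do
    [[ -f "$src" ]] || continue   # unmatched glob stays literal
    name=${src##*/}
    # drop "--", braces and whitespace; "," -> "."; drop "Z" and the label
    normalise_file "$src" "$tdir/$name" \
      's/--\|{\|}\|[[:space:]]//g' \
      's/,/\./g' \
      's/Z//g' \
      's/ReplacementStrings://g' || return 1
    printf '%s is ok\n' "$name"
  done
}

#######################################
# Normalise raw dumps for the sub-second diff (LogsMillisecond): the "." of the
# fractional seconds is removed so seconds+fraction become one ":"-field.
# Globals:   fdir (read), sdir (recreated)
#######################################
TreatLogsB() {
  echo "对收集的初始系统日志进行整理(为对比 毫秒差值 做准备):"
  reset_dir "$sdir" || return 1
  local src name
  for src in "$fdir"/BX*; do
    [[ -f "$src" ]] || continue
    name=${src##*/}
    normalise_file "$src" "$sdir/$name" \
      's/--\|{\|}\|[[:space:]]\|Z//g' \
      's/,/:/g' \
      's/\.//g' \
      's/ReplacementStrings://g' \
      's/T/:/g' || return 1
    printf '%s is ok\n' "$name"
  done
}

#######################################
# Normalise raw dumps for the seconds diff (LogsDay): "," "." and "T" all
# become ":" so every timestamp component is its own field.
# Globals:   fdir (read), fodir (recreated)
#######################################
TreatLogsC() {
  echo "对收集的初始系统日志进行整理(为对比 秒差值 做准备):"
  reset_dir "$fodir" || return 1
  local src name
  for src in "$fdir"/BX*; do
    [[ -f "$src" ]] || continue
    name=${src##*/}
    normalise_file "$src" "$fodir/$name" \
      's/--\|{\|}\|[[:space:]]\|Z//g' \
      's/,/:/g' \
      's/\./:/g' \
      's/ReplacementStrings://g' \
      's/T/:/g' || return 1
    printf '%s is ok\n' "$name"
  done
}

#######################################
# Report minions whose two timestamps differ in the seconds field.
# Globals:   fodir (read; writes $fodir/dtime/<file>)
#######################################
LogsDay() {
  echo "对比两列数据中秒钟是否一致:"
  mkdir -p -- "$fodir/dtime" || return 1
  local src name out
  for src in "$fodir"/BX*; do
    [[ -f "$src" ]] || continue
    name=${src##*/}
    out="$fodir/dtime/$name"
    # assumes ":"-fields 4 and 9 are the seconds of the two timestamps as laid
    # out by TreatLogsC — confirm against a sample record
    awk -F ":" '{print ($4-$9)}' < "$src" > "$out"
    # A line is a problem when it contains no "0" character. Kept from the
    # original: a difference such as 10 is therefore not reported.
    if grep -q -v '0' -- "$out"; then
      printf '%s have problem\n' "$name"
      grep -v '0' -- "$out"
    else
      printf '%s is ok\n' "$name"
    fi
  done
}

#######################################
# Print every line of a TreatLogsA file whose 1st and 3rd "."-separated fields
# differ (the same fields `awk -F. '{print $1}'` / '{print $3}' would give).
# Arguments: $1 - normalised file
# Outputs:   the matching original line(s), indented by one space
#######################################
compare_fields() {
  local file="$1" line first second
  while IFS= read -r line || [[ -n "$line" ]]; do
    IFS=. read -r first _ second _ <<<"$line"
    if [[ "$first" != "$second" ]]; then
      # -F: the field is a literal timestamp, not a pattern
      printf ' %s\n' "$(grep -F -- "$first" "$file")"
    fi
  done < "$file"
}

#######################################
# String comparison of both timestamps for every minion file.
# Globals:   tdir (read)
#######################################
DisTimePeriodA() {
  echo "对比天、小时、分钟、秒钟等字符串是否一致(批量)"
  mkdir -p -- "$tdir/dtime" || return 1
  local src
  for src in "$tdir"/BX*; do
    [[ -f "$src" ]] || continue
    printf '%s\n' "${src##*/}"
    compare_fields "$src"
    printf ' \n'
  done
}

#######################################
# String comparison of both timestamps for one interactively named minion.
# Globals:   tdir (read; appends the name to $tdir/dtime/<name>)
# Returns:   1 if the name is not a plain, existing file name under $tdir
#######################################
DisTimePeriodB() {
  echo "对比天、小时、分钟、秒钟等字符串是否一致(只查询有问题的主机)"
  mkdir -p -- "$tdir/dtime" || return 1
  local file
  read -r -p "请输入有问题的主机名: " file
  # The name is used to build paths under $tdir: require a bare file name that
  # exists there before touching anything.
  if ! safe_name "$file" || [[ ! -f "$tdir/$file" ]]; then
    printf 'no such log file: %q\n' "$file" >&2
    return 1
  fi
  printf '%s\n' "$file" >> "$tdir/dtime/$file"
  compare_fields "$tdir/$file"
}

#######################################
# Sub-second difference of both timestamps, sorted; show the 10 largest
# positive and the first 10 four-digit negative values.
# Globals:   sdir (read; writes $sdir/mtime/<file>)
#######################################
LogsMillisecond() {
  echo "对比两列数据中 毫秒 是否一致:"
  mkdir -p -- "$sdir/mtime" || return 1
  local src name out
  for src in "$sdir"/BX*; do
    [[ -f "$src" ]] || continue
    name=${src##*/}
    out="$sdir/mtime/$name"
    # assumes ":"-fields 4 and 8 are the seconds+fraction of the two
    # timestamps as laid out by TreatLogsB — confirm against a sample record
    awk -F ":" '{print $1,":"$2,":"$3,($4-$8)}' < "$src" | sort -t ' ' -k4 -n > "$out"
    echo "=================================================="
    echo "$name 两列毫秒为正数的数值最高的10个"
    tail -- "$out"
    echo "=================================================="
    echo "$name 两列毫秒为负数的数值最大的10个"
    grep -e '-[0-9][0-9][0-9][0-9]' -- "$out" | head
  done
}

#######################################
# Interactive menu: read one option letter and run the matching step.
# Returns:   exits 1 on an unknown option
#######################################
main() {
  cat <<'EOF'
请选择你想要执行的功能:
a: ColLog 收集windows server初始日志;
b: TreatLogsA 整理初始化日志(为对比天、小时、分钟、秒钟等字符串是否一致做准备);
c: TreatLogsB 整理初始化日志(为对比 毫秒 差值做准备);
d: TreatLogsC 整理初始化日志(为对比 秒 差值做准备);
e: LogsDay 对比两列数据中<< 秒 >>是否一致;
f: DisTimePeriodA 对比天、小时、分钟、秒钟等字符串是否一致(批量显示);
g: DisTimePeriodB 对比天、小时、分钟、秒钟等字符串是否一致(只查询有问题的主机);
h: LogsMillisecond 对比两列数据中<< 毫秒 >>是否一致.
EOF
  local opt
  read -r -n3 -p "请输入:" opt
  case "$opt" in
    a) ColLogs ;;
    b) TreatLogsA ;;
    c) TreatLogsB ;;
    d) TreatLogsC ;;
    e) LogsDay ;;
    f) DisTimePeriodA ;;
    g) DisTimePeriodB ;;
    h) LogsMillisecond ;;
    *)
      echo "No opt"
      exit 1
      ;;
  esac
}

main "$@"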
待补充