xferlog日志查询脚本

#!/bin/bash

LOG_PATH="/var/log/xferlog*"

read -p "请输入用户名: " USER

echo "请选择传输方向："
echo " 1) 上传 (i)"
echo " 2) 下载 (o)"
echo " 3) 全部"
read -p "请输入选项 [1-3]: " DIR_CHOICE

echo "请选择传输结果："
echo " 1) 成功 (c)"
echo " 2) 失败/中断 (非 c)"
echo " 3) 全部"
read -p "请输入选项 [1-3]: " STATUS_CHOICE

read -p "是否启用路径脱敏（只保留文件名）？[y/N]: " MASK_PATH

read -p "是否限定时间范围（YYYY-MM-DD）？[y/N]: " LIMIT_TIME
if [ "$LIMIT_TIME" = "y" ] || [ "$LIMIT_TIME" = "Y" ]; then
read -p "开始日期（如 2025-12-01）: " START_DATE
read -p "结束日期（如 2025-12-31）: " END_DATE
fi

TS=$(date +%Y%m%d_%H%M%S)
DETAIL_CSV="xferlog_${USER}_detail_${TS}.csv"

# --- 使用 AWK 生成 CSV ---
awk -v user="$USER" -v dir="$DIR_CHOICE" -v stat="$STATUS_CHOICE" \
-v mask="$MASK_PATH" -v limit="$LIMIT_TIME" -v start="$START_DATE" -v end="$END_DATE" '
BEGIN {
FS=" "; OFS=",";
print "time,client_ip,user,direction,size_MB,path,status"
}
{
# 用户名过滤
if ($14 != user) next

# 方向过滤
if (dir == 1 && $12 != "i") next
if (dir == 2 && $12 != "o") next

# 状态过滤
status_field = $NF
if (stat == 1 && status_field != "c") next
if (stat == 2 && status_field == "c") next

# 时间范围过滤
if (limit == "y" || limit == "Y") {
log_day = $5"-"$2"-"$3
cmd_start = "date -d \"" start "\" +%Y%m%d"
cmd_end = "date -d \"" end "\" +%Y%m%d"
cmd_log = "date -d \"" log_day "\" +%Y%m%d"
cmd_start | getline s
cmd_end | getline e
cmd_log | getline d
close(cmd_start); close(cmd_end); close(cmd_log)
if (d < s || d > e) next
}

# 提取字段
time = $1" "$2" "$3" "$4" "$5
ip = $7
size = $8 / 1024 / 1024
path = $9

# 脱敏处理
if (mask == "y" || mask == "Y") {
n = split(path, arr, "/")
path = arr[n]
}

# 转换方向和状态
direction = ($12 == "i" ? "upload" : "download")
status = (status_field == "c" ? "success" : "fail")

# 输出 CSV
print time, ip, user, direction, size, path, status
}
' $LOG_PATH > "$DETAIL_CSV"

echo
echo " 明细 CSV 已生成：$DETAIL_CSV"