Ruby on Rails只記錄未經授權的請求解析

Question

我需要解析我的生產軌應用程序日誌文件。我只需要提取未經授權的請求。

那些部分開始與Started POST "/...some_url..."並用Completed 401 Unauthorized in {some_number}ms

我是全成與cat mylog.log | grep -B 5 "Completed 401 Unauthorized" exracting結尾結束，但是這個命令捕捉上下文之前只有5字符串。這種背景可能在很大範圍內變化。

那麼，如何捕捉起始字符串也抓取整個Completed 401 Unauthorized上下文？

UPD：日誌文件示例：

Started POST "/api/orders" for 111.222.333.444 at 2014-02-12 07:37:23 +0400 
Processing by Api::V2::OrdersController#create as JSON 
    Parameters: {bla 
    bla 
    bla} 
WARNING: Can't verify CSRF token authenticity 
    Partner Load (0.9ms) SELECT `partners`.* FROM `partners` WHERE `partners`.`agent_referer` = 'abcde' LIMIT 1 
Completed 401 Unauthorized in 4ms 

... 

Started GET "/search/flights?depart_city=SVX&destin_city=AER&depart_date=17.02.2014&return_date=21.02.2014" for 111.222.333.444 at 2014-02-12 06:29:19 +0400 
Processing by Api::V1::TripsController#index as JSON 
    Parameters: {bla bla bla} 
    Partner Load (0.1ms) SELECT `partners`.* FROM `partners` WHERE `partners`.`agent_referer` = 'xxx' LIMIT 1 
    Partner Load (0.1ms) SELECT `partners`.* FROM `partners` WHERE `partners`.`name` = 'xxx' LIMIT 1 
    Partner Load (0.0ms) SELECT `partners`.* FROM `partners` WHERE `partners`.`agent_referer` = 'xxx' 
    (0.0ms) SELECT COUNT(*) FROM `partner_statuses` WHERE `partner_statuses`.`partner_id` = 26 AND (active_to >= '2014-02-11 19:59:59') 
    PartnerStatus Load (0.0ms) SQL REQUEST HERE 
    Rendered api/v1/trips/index.xml.builder (0.6ms) 
Completed 200 OK in 39ms (Views: 1.3ms | ActiveRecord: 25.7ms) 

Answer 1

在AWK使用一個小的狀態機：

awk ' 
    $1 == "Started" { capture = 1 } 
    capture   { lines[n++] = $0 } 
    $1 == "Completed" { 
     capture=0 
     if ($3 == "Unauthorized") 
      for (i=0; i<n; i++) 
       print lines[i] 
     n=0 
     delete lines 
    } 
' log.log