如何根据默认不包含的pihole.log生成包含MAC adress的新日志文件

Question

我有一个/var/log/pihole.log，它包含这样的行：

Nov 29 18:49:33 dnsmasq[13568]: query[AAAA] firebaselogging-pa.googleapis.com from 192.168.0.10
Nov 29 18:49:33 dnsmasq[13568]: query[A] firebaselogging-pa.googleapis.com from 192.168.0.10
Nov 29 18:49:41 dnsmasq[13568]: query[AAAA] app-measurement.com from 192.168.0.10
Nov 29 18:49:41 dnsmasq[13568]: query[A] app-measurement.com from 192.168.0.10
Nov 29 18:49:57 dnsmasq[13568]: query[AAAA] in.treasuredata.com from 192.168.0.10
Nov 29 18:49:57 dnsmasq[13568]: query[A] in.treasuredata.com from 192.168.0.10

arp -a给了我MAC和IP之间的匹配：

root@raspberrypi:/var/log# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.81             ether   c8:5b:76:e1:3c:6f   C                     wlan0
192.168.0.136            ether   14:ab:c5:09:de:81   C                     wlan0
192.168.0.207            ether   68:c6:3a:a2:f4:e1   C                     wlan0
192.168.0.213            ether   60:01:94:70:e9:9c   C                     wlan0
192.168.0.67             ether   8c:fe:57:51:1d:51   C                     wlan0

我想要生成一个新的活pihole2.log文件与MAC在最后。她是我的剧本：

tail -f /var/log/pihole.log|grep "query" |grep -v "

我使用nico.sh执行arp搜索。nico.sh包含：

#!/bin/sh
param=$1
cmd="$(arp -n|awk '$1 == x {print $3}' x=$param)"
echo $cmd

当pihole.log显示额外的行时，脚本没有进展。

Answer 1

这条Bash单线线适用于我：

tail -f /var/log/pihole.log | while read line ; do echo -n "$line" ; ip=$(echo "$line" | awk '{print $NF}') ; mac=$(arp -n | grep '^'$ip' ' | awk '{print $3}') ; [ "$mac" = "" ] && echo " xx:xx:xx:xx:xx:xx" || echo " $mac" ; done >> /var/log/pihole2.log

或以多行形式：

#!/bin/bash
tail -f /var/log/pihole.log | while read line ; do
  echo -n "$line"
  ip=$(echo "$line" | awk '{print $NF}')
  mac=$(arp -n | grep '^'$ip' '|  awk '{print $3}')
  [ "$mac" = "" ] && echo " xx:xx:xx:xx:xx:xx" || echo " $mac"
done >> /var/log/pihole2.log