#! /usr/bin/env bash
#
# Canonify "zeekctl ps.zeek" output: columns whose values are not
# predictable (such as PID) are overwritten with Xs, the header line is
# dropped, and the remaining lines are sorted.
#
# Reads the command output on stdin and writes the result to stdout.
#
# Only fields 2-12 are rewritten, and fields 3-12 only when they match the
# expected format. Anything else, including every column after TIME, passes
# through unchanged, so the result can still carry host-specific values.

awk '
  # Mask fields only on rows whose first field contains "(+)" or "(-)".
  $1 ~ /\([+-]\)/ {
    # The username is replaced unconditionally.
    $2 = "xxxxxx"

    # Every other field is replaced only when it has the expected format:
    # the raw values vary in length, but the mask has to be a constant-width
    # string of Xs.
    if ($3 ~ /^[0-9]+$/)          $3 = "XXXXX"      # PID
    if ($4 ~ /^[0-9]+$/)          $4 = "XXXXX"      # PPID
    if ($5 ~ /^[0-9]+\.?[0-9]$/)  $5 = "XX.X"       # %CPU
    if ($6 ~ /^[0-9]+\.[0-9]$/)   $6 = "XX.X"       # %MEM
    if ($7 ~ /^[0-9]+$/)          $7 = "XXXXX"      # VSZ
    if ($8 ~ /^[0-9]+$/)          $8 = "XXXXX"      # RSS
    if ($9 ~ /^[?-]/)             $9 = "X"          # TT
    if ($10 ~ /^[RSU]/)           $10 = "X"         # S
    if ($11 ~ /[0-9]/)            $11 = "XX:XX:XX"  # STARTED
    if ($12 ~ /^[0-9]/)           $12 = "XX:XX:XX"  # TIME
  }

  # The header line is system-dependent, so the first record is not printed.
  NR > 1 { print }
' | sort