AWK Favorites
Infrastructure Patterns
SSH CA Certificate Status
Check Vault SSH cert expiry across all hosts:
# Vault SSH CA certificate status - parse expiry from all hosts
for host in vault-01 kvm-01 home-dc01 ise-01 nas-01; do
printf "%-15s " "$host"
ssh "$host" "ssh-keygen -Lf ~/.ssh/id_ed25519_vault-cert.pub 2>/dev/null" | \
awk '/Valid:/{print $2, $3, $4, $5}'
donek3s Pod Status Table
Formatted pod table with memory:
# k3s pod status with memory - formatted table
kubectl get pods -A -o json | jq -r '
.items[] | [.metadata.namespace, .metadata.name, .status.phase,
(.spec.containers[0].resources.requests.memory // "N/A")] | @tsv' | \
awk 'BEGIN {printf "%-20s %-45s %-10s %s\n", "NAMESPACE", "POD", "STATUS", "MEM"}
{printf "%-20s %-45s %-10s %s\n", $1, $2, $3, $4}'ISE Session Analysis
Authentication breakdown by policy set:
# ISE session analysis - authentication breakdown by policy set
netapi ise mnt sessions --format json | jq -r '.[] | .PolicySet' | \
awk '{count[$1]++} END {
printf "%-35s %s\n", "Policy Set", "Sessions"
printf "%-35s %s\n", "-----------------------------------", "--------"
for (ps in count) printf "%-35s %d\n", ps, count[ps]
}' | sort -t$'\t' -k2 -rnVault Audit Summary
Operations by type from audit log:
# Vault audit log analysis - operations by type (last 1000 lines)
sudo tail -1000 /var/log/vault/audit.log | \
jq -r '.request.operation' | \
awk '{ops[$1]++} END {
printf "%-15s %s\n", "Operation", "Count"
for (op in ops) printf "%-15s %d\n", op, ops[op]
}' | sort -t$'\t' -k2 -rnKVM VM Resources
VM resource allocation summary:
# KVM VM resource allocation summary
sudo virsh list --all | awk 'NR>2 && NF>0 {print $2}' | while read vm; do
vcpus=$(sudo virsh vcpucount "$vm" --current 2>/dev/null || echo "?")
mem=$(sudo virsh dominfo "$vm" 2>/dev/null | awk '/Max memory/{printf "%.1fG", $3/1024/1024}')
state=$(sudo virsh domstate "$vm" 2>/dev/null)
printf "%-25s %s vCPUs %s RAM [%s]\n" "$vm" "$vcpus" "$mem" "$state"
doneCore Patterns
Line Range Extraction
# Specific range
awk 'NR>=1363 && NR<=1380' file
# Single line
awk 'NR==73' file
# From line X to end
awk 'NR>=100' file
# With line numbers
awk 'NR>=10 && NR<=20 {print NR": "$0}' fileField Extraction
# Specific columns
awk '{print $1, $4}' file
# Custom delimiter
awk -F: '{print $1, $3}' /etc/passwd
# Last field
awk '{print $NF}' file
# Second to last
awk '{print $(NF-1)}' filePattern Matching + Aggregation
# Count by category
awk '{count[$1]++} END {for (k in count) print k, count[k]}' file
# Sum column
awk '{sum += $1} END {print sum}' file
# Lines matching pattern in field
awk '$3 ~ /failed/' fileauthorized_keys Cleanup
Dedupe, validate, count:
# SSH authorized_keys cleanup - dedupe, validate, count by type
awk '
!seen[$0]++ { # Dedupe
if (/^ssh-(ed25519|rsa|ecdsa)/) { # Valid key types only
type = $1
count[type]++
print
}
}
END {
for (t in count) print "# " t ": " count[t] " keys" > "/dev/stderr"
}
' ~/.ssh/authorized_keys > /tmp/cleaned_keys && \
mv /tmp/cleaned_keys ~/.ssh/authorized_keysLog Error Frequency
# Error frequency analysis with timestamps
journalctl -u sshd --since "1 hour ago" --no-pager | \
awk '/error|failed|denied/i {
split($0, a, " ")
hour = a[1] " " a[2] " " a[3]
errors[hour]++
}
END {
for (h in errors) printf "%s: %d errors\n", h, errors[h]
}' | sort