Basic awk Script Construction
Let’s begin with the simplest awk script that you can imagine, which we’ll call awk_kernel1.awk. It looks like this:
/kernel/
As you’ve likely guessed, this script will look through a specified file to search for all lines that contain the text string kernel. You already know that {print $0} is the default action if no action is specified. So, this script will print out every line that contains the specified text string.
In actual awk scripts, there’s no need to preface every command with awk, and there’s no need to surround the commands with pairs of single quotes, as you have to do when embedding awk commands in normal shell scripts. I didn’t put a shebang line into this script, so there’s no need to set the executable permission. Instead, just invoke the script like this:
donnie@fedora:~$ sudo awk -f awk_kernel1.awk /var/log/messages
Jan 11 16:17:55 fedora kernel: audit: type=1334 audit(1705007875.578:35): prog-id=60 op=LOAD
Jan 11 16:18:00 fedora kernel: msr: Write to unrecognized MSR 0x17f by mcelog (pid: 856).
Jan 11 16:18:00 fedora kernel: msr: See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details.
. . .
. . .
Jan 11 17:15:28 fedora kernel: fwupdmgr[1779]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
donnie@fedora:~$
Sure, that works. But, wouldn’t you really rather have a stand-alone, executable script? That’s easy enough to do. Just add the shebang line, like this:
#!/usr/bin/awk -f
/kernel/
Then, make the script executable, the same as you would do with normal bash scripts.
There are two things that I want you to notice about this shebang line. First, is that I’m using /usr/bin/ instead of /bin/ as the path to the awk executable. That’s because I want to make this script portable, so that it will run on Linux, Unix, and Unix-like systems such as FreeBSD and macOS.
The /bin/ path that you’re used to seeing in shebang lines is an artifact that’s been carried over from older Linux systems. On current Linux systems, /bin/ is a symbolic link that points to /usr/bin/. On older Linux systems, /bin/ and /usr/bin/ used to be two separate directories, which each contained two separate sets of program files. That’s no longer the case. Nowadays, you’ll find the awk executable in /usr/bin/ on all Linux systems.
FreeBSD still uses separate /bin/ and /usr/bin/ directories with different sets of program files. But, awk is in /usr/bin/, and there’s no symbolic link for it in /bin/. So, just use #!/usr/bin/awk, and you’ll be good-to-go for most operating systems.
The second thing to notice is that I still have to invoke awk with the -f option, which causes awk to read the program file. If you leave out the -f, the script won’t work.
Now that you’ve seen the basic structure of an awk script, let’s look at some awk programming constructs.
