使用Python從字符串中提取IP
[英]Extract IP out of string with Python
問題描述
我只是看過正則表達式,所以有點困惑。 我編寫了一個程序,逐行實時分析“ auth.log”文件。 現在,我需要從條目中獲取其他信息。
if "sshd" in line
if "Accepted password" in line
REGEX Query to get the username and ip
elif "session closed" in line
REGEX Query to get the username
這是日志文件中的條目:
Nov 29 13:20:33 Debian sshd[4043]: Accepted password for patrick from ::1 port 50864 ssh2
Nov 29 13:20:33 Debian sshd[4043]: pam_unix(sshd:session): session opened for user patrick by (uid=0)
Nov 29 13:21:23 Debian sshd[4043]: pam_unix(sshd:session): session closed for user patrick
我應該選擇哪個工具來執行此操作? 研究?
2 個解決方案
解決方案1
1 已采納 2013-11-29 14:41:23
由於日志條目是嚴格格式化的,因此您可能不需要使用正則表達式:
$ cat t.txt
Nov 29 13:20:33 Debian sshd[4043]: Accepted password for patrick from ::1 port 50864 ssh2
Nov 29 13:20:33 Debian sshd[4043]: pam_unix(sshd:session): session opened for user patrick by (uid=0)
Nov 29 13:21:23 Debian sshd[4043]: pam_unix(sshd:session): session closed for user patrick
$ cat t.py
#/usr/bin/env python
for line in open('t.txt'):
if "sshd" in line:
if "Accepted password" in line:
print "User: ", line.split()[8]
print "IP: ", line.split()[10]
if "session closed" in line:
print "User: ", line.split()[10]
$ python t.py
User: patrick
IP: ::1
User: patrick
當然,您需要更加小心行中的if "sshd" in line:但是您知道了。
解決方案2
0 2013-11-29 13:26:09
這是我查找IPv6和IPv4地址的方法:
import re
ip6 = '''(?:(?x)(?:(?:[0-9a-f]{1,4}:){1,1}(?::[0-9a-f]{1,4}){1,6})|
(?:(?:[0-9a-f]{1,4}:){1,2}(?::[0-9a-f]{1,4}){1,5})|
(?:(?:[0-9a-f]{1,4}:){1,3}(?::[0-9a-f]{1,4}){1,4})|
(?:(?:[0-9a-f]{1,4}:){1,4}(?::[0-9a-f]{1,4}){1,3})|
(?:(?:[0-9a-f]{1,4}:){1,5}(?::[0-9a-f]{1,4}){1,2})|
(?:(?:[0-9a-f]{1,4}:){1,6}(?::[0-9a-f]{1,4}){1,1})|
(?:(?:(?:[0-9a-f]{1,4}:){1,7}|:):)|
(?::(?::[0-9a-f]{1,4}){1,7})|
(?:(?:(?:(?:[0-9a-f]{1,4}:){6})(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}))|
(?:(?:(?:[0-9a-f]{1,4}:){5}[0-9a-f]{1,4}:(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}))|
(?:(?:[0-9a-f]{1,4}:){5}:[0-9a-f]{1,4}:(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3})|
(?:(?:[0-9a-f]{1,4}:){1,1}(?::[0-9a-f]{1,4}){1,4}:(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3})|
(?:(?:[0-9a-f]{1,4}:){1,2}(?::[0-9a-f]{1,4}){1,3}:(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3})|
(?:(?:[0-9a-f]{1,4}:){1,3}(?::[0-9a-f]{1,4}){1,2}:(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3})|
(?:(?:[0-9a-f]{1,4}:){1,4}(?::[0-9a-f]{1,4}){1,1}:(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3})|
(?:(?:(?:[0-9a-f]{1,4}:){1,5}|:):(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3})|
(?::(?::[0-9a-f]{1,4}){1,5}:(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}))
'''
ip4 = '(?:[12]?\\d?\\d\\.){3}[12]?\\d?\\d'
ip = re.findall(ip4 + '|' + ip6, "111:111::1 1.1.1.1")
我從其他網站獲得了IPv6的正則表達式,該正則表達式與有效的IPv6地址匹配
正則表達式:如何從字符串中僅提取第一個IP地址(在Python中)
[英]Regex: how to extract only first IP address from string (in Python)
使用python從綁定日志字符串中提取IP地址和其他內容
[英]Extract ip addres and other stuff from a bind log string using python
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.