[英]Problem to realize a specific regex filter for Fail2ban service
我找不到合適的正則表達式來匹配我要識別的元素
我要分析的日志文件示例:
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177
我想找到正則表達式來檢測這種樣式的線:
[20190625-11:47:51] [INFO ] A connection received from: ::ffff:192.168.1.32 port 55737
我已經測試了failregex = ^.*ffff:<HOST> port *$
Not ok
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 6 lines, 0 ignored, 0 matched, 6 missed
[processed in 0.01 sec]
|- Missed line(s):
| [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
| [20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
| [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
| [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
| [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
| [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177
我不太確定,只是猜測我們可能想要一個類似於以下內容的表達式:
(\[[0-9]{8}.+?A connection received from: ::ffff:.+?port\s+[0-9]+)
帶有s
標志。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.