2014-09-04 58 views
1

我想使用regexp從下面的輸出中排除地址爲10.0.0.2的行。使用正則表達式排除符合條件的行

我的命令:

cat /var/log/secure | egrep '\s+sshd\[[[:digit:]]+\]: Failed password for (invalid user)?nessus from \S+' 

輸出:

Aug 28 09:58:18 server34 sshd[13567]: Failed password for invalid user nessus from 10.0.0.4 port 33254 ssh2 
Aug 28 09:58:57 server34 sshd[13577]: Failed password for invalid user nessus from 10.0.0.4 port 33366 ssh2 
Aug 28 10:01:09 server34 sshd[13854]: Failed password for invalid user nessus from 10.0.0.4 port 33841 ssh2 
Aug 28 10:01:30 server34 sshd[13932]: Failed password for invalid user nessus from 10.0.0.4 port 34074 ssh2 
Aug 28 10:01:48 server34 sshd[13957]: Failed password for invalid user nessus from 10.0.0.4 port 36108 ssh2 
Aug 28 10:01:50 server34 sshd[13959]: Failed password for invalid user nessus from 10.0.0.4 port 36540 ssh2 
Aug 29 03:29:11 server34 sshd[7461]: Failed password for invalid user nessus from 10.0.0.2 port 46375 ssh2 
Aug 29 03:29:54 server34 sshd[7475]: Failed password for invalid user nessus from 10.0.0.2 port 34047 ssh2 
Aug 29 03:31:51 server34 sshd[8335]: Failed password for invalid user nessus from 10.0.0.2 port 47509 ssh2 
Aug 29 03:31:58 server34 sshd[8355]: Failed password for invalid user nessus from 10.0.0.2 port 48692 ssh2 
Aug 29 03:32:42 server34 sshd[8423]: Failed password for invalid user nessus from 10.0.0.2 port 54580 ssh2 
Aug 29 03:32:49 server34 sshd[8425]: Failed password for invalid user nessus from 10.0.0.2 port 55557 ssh2 

我想堅持使用正則表達式(在當前的格式),因爲這是SCOM使用時scans log files在Linux中。

+0

你能張貼輸入和預期的輸出? – 2014-09-04 17:06:27

回答

1

您可以刪除無用cat和使用其他grep -v排除:

egrep '\s+sshd\[[[:digit:]]+\]: Failed password for (invalid user)?nessus from' /var/log/secure | \ 
grep -F -v '10.0.0.2' 

要做到這一點使用單grep

grep -P '(?!.*?10\.0\.0\.2)\s+sshd\[[[:digit:]]+\]: Failed password for (invalid user)?nessus from \S+' file 

Aug 28 09:58:18 server34 sshd[13567]: Failed password for invalid user nessus from 10.0.0.4 port 33254 ssh2 
Aug 28 09:58:57 server34 sshd[13577]: Failed password for invalid user nessus from 10.0.0.4 port 33366 ssh2 
Aug 28 10:01:09 server34 sshd[13854]: Failed password for invalid user nessus from 10.0.0.4 port 33841 ssh2 
Aug 28 10:01:30 server34 sshd[13932]: Failed password for invalid user nessus from 10.0.0.4 port 34074 ssh2 
Aug 28 10:01:48 server34 sshd[13957]: Failed password for invalid user nessus from 10.0.0.4 port 36108 ssh2 
Aug 28 10:01:50 server34 sshd[13959]: Failed password for invalid user nessus from 10.0.0.4 port 36540 ssh2 
+0

這隻貓是一種簡單的在bash中執行正則表達式的方法。我使用正則表達式語法來排除10.0.0.2。 – 2014-09-04 17:09:04

+0

沒問題,我的答案,即'grep -F -v '10.0.0.2''或'grep -v '10 \ .0 \ .0 \ .2''都可以。 – anubhava 2014-09-04 17:13:07

+0

對不起,我想我不清楚。我需要能夠在不使用grep的情況下到達輸出。一些我如何需要排除在: '\ s + sshd \ [[[:digit:]] + \]:失敗的密碼(無效用戶)?從\ S +' – 2014-09-04 17:25:22