我想使用regexp從下面的輸出中排除地址爲10.0.0.2的行。使用正則表達式排除符合條件的行
我的命令:
cat /var/log/secure | egrep '\s+sshd\[[[:digit:]]+\]: Failed password for (invalid user)?nessus from \S+'
輸出:
Aug 28 09:58:18 server34 sshd[13567]: Failed password for invalid user nessus from 10.0.0.4 port 33254 ssh2
Aug 28 09:58:57 server34 sshd[13577]: Failed password for invalid user nessus from 10.0.0.4 port 33366 ssh2
Aug 28 10:01:09 server34 sshd[13854]: Failed password for invalid user nessus from 10.0.0.4 port 33841 ssh2
Aug 28 10:01:30 server34 sshd[13932]: Failed password for invalid user nessus from 10.0.0.4 port 34074 ssh2
Aug 28 10:01:48 server34 sshd[13957]: Failed password for invalid user nessus from 10.0.0.4 port 36108 ssh2
Aug 28 10:01:50 server34 sshd[13959]: Failed password for invalid user nessus from 10.0.0.4 port 36540 ssh2
Aug 29 03:29:11 server34 sshd[7461]: Failed password for invalid user nessus from 10.0.0.2 port 46375 ssh2
Aug 29 03:29:54 server34 sshd[7475]: Failed password for invalid user nessus from 10.0.0.2 port 34047 ssh2
Aug 29 03:31:51 server34 sshd[8335]: Failed password for invalid user nessus from 10.0.0.2 port 47509 ssh2
Aug 29 03:31:58 server34 sshd[8355]: Failed password for invalid user nessus from 10.0.0.2 port 48692 ssh2
Aug 29 03:32:42 server34 sshd[8423]: Failed password for invalid user nessus from 10.0.0.2 port 54580 ssh2
Aug 29 03:32:49 server34 sshd[8425]: Failed password for invalid user nessus from 10.0.0.2 port 55557 ssh2
我想堅持使用正則表達式(在當前的格式),因爲這是SCOM使用時scans log files在Linux中。
你能張貼輸入和預期的輸出? – 2014-09-04 17:06:27