用於日誌分析的模式匹配

Question

我的程序將發出一個grep命令來搜索日誌基於時間範圍和唯一關鍵字。我的計劃能夠成功發行了grep命令，它的返回日誌的幾個匹配的線看起來像下面

22:41.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Logout agent success [accountName=null remoteAddress=STEDGE/172.16.8.3] AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 429 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN 
21:45.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Invoking logout agent [accountName=null remoteAddress=STEDGE/172.16.8.3] AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 425 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN 
21:45.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:SSH: User "null" logged out from [172.16.8.1]. AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 422 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN 

但我不需要這一切，這個事情我感興趣的是[remoteAddress=/172.16.8.1:64931]。這行代碼Pattern pat1 = Pattern.compile("remoteAddress=/(\d)");給予非法轉義字符。我可以知道如何只提取出沒有任何端口號的IP地址並將其存儲到一個字符串變量中，我搜索了一些關於谷歌的信息，但它失敗了嗎？對於您參考，這是我的源代碼

import java.io.*; 
import java.util.regex.*; 
class blockIP 
{ 
    public static void main(String [] args) 
    { 
    String command1 = "date +%R"; 
    String time = null; 
    String arguement2 = null; 
    String arguement1 = ".*java"; 
    try 
     { 
      Process p1 = Runtime.getRuntime().exec(command1); 
      BufferedReader br1 = new BufferedReader(new InputStreamReader(p1.getInputStream())); 

      String line1; 
      while((line1 = br1.readLine()) != null) 
       { 
        System.out.println(line1); 
        time = line1; 
        arguement2 =time.concat(arguement1); 
       } 
      br1.close(); 
      String command2 = "grep "+arguement2+" stlog.txt"; 
      System.out.println("the command2 is :"+command2); 
      Process p2 = Runtime.getRuntime().exec(command2); 
      BufferedReader br2 = new BufferedReader(new InputStreamReader(p2.getInputStream())); 
      String line2; 
      while((line2 = br2.readLine()) != null) 
      { 
       System.out.println(line2); 
       Pattern pat1 = Pattern.compile("remoteAddress=/(\d)"); 
       Matcher matcher1 = pat1.matcher(line2); 
       while(matcher1.find()) 
        { 
        System.out.println(matcher1.group(1)); 
        } 
      } 

     } 
     catch(IOException e) 
     { 
     e.printStackTrace(); 
     } 

    } 
} 

Answer 1

此正則表達式後remoteAddress=/短語匹配的數字和點。

public static void main(String[] args) { 
     String s = "21:45.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Invoking logout agent [accountName=null remoteAddress=STEDGE/172.16.8.3] AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 425 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN\r\n"; 
     Pattern pattern = Pattern.compile("(?<=remoteAddress=/)[\\d.]+"); 
     Matcher matcher = pattern.matcher(s); 
     while (matcher.find()) { 
      String group = matcher.group(); 
      System.out.println(group); 
     } 

    } 

它不會匹配remoteAddress=STEDGE/172.16.8.3。

它使用正回顧後斷言(?<=remoteAddress=/)是前172.16.8.1

圖樣：

(?<=remoteAddress=/)正回顧後（零長度斷言）。只有在[\\d.]+前面有精確短語remoteAddress=/時，才匹配。

[\\d.]+匹配數字或句點。一次或更多次。不匹配其他任何東西。

Answer 2

嘗試grep的使用後剪切命令。喜歡的東西：

grep argument stlog.txt | cut -d ' ' -f 6 

參考https://shapeshed.com/unix-cut/