Regex to filter a group and, if a specific string is present in the group, extract it into another group

Posted on 2025-01-16 04:48:36

Hi, I am trying to match 3 logs with regex. The issue I face is that it is not dynamic: if the value changes, then the regex does not work on that group.

I think a practical example will give a better understanding. https://regex101.com/r/sdoZaH/1

  1. In this, Group 1 <address> is working on the 1st log line only; it is not able to identify the string in the 2nd line.

  2. In the <message> group also, I want that if there is an IP addr then it should be a separate group; otherwise it has covered the remaining part of it.

How do I make it dynamic so that it matches all lines?

The lines I am trying to match:

Mar 21 23:31:19 c10sw1 raslogd: AUDIT, 2022/03/21-23:31:19 (PDT), [SEC-3020], INFO, SECURITY, admin/admin/test.domain.com/ssh/CLI, ad_0/c10sw1/FID 128, 8.2.1c, , , , , , , Event: login, Status: success, Info: Successful login attempt via REMOTE, IP Addr: test.domain.com.

Mar 21 23:37:13 c10-M1000e-SW1 raslogd: AUDIT, 2022/03/21-23:37:13 (PDT), [SEC-3022], INFO, SECURITY, admin/admin/test.domain.com/ssh/CLI, ad_0/c10-M1000e-SW1/FID 128, 8.2.2b, , , , , , , Event: logout, Status: success, Info: Successful logout by user [admin].

Mar 21 23:37:13 c10-M1000e-SW1 raslogd: AUDIT, 2022/03/21-23:37:13 (PDT), [SEC-3022], INFO, SECURITY, admin/admin/test.domain.com/ssh/CLI, ad_0/c10-M1000e-SW1/FID 128, 8.2.2b, , , , , , , Event: logout, Status: success, Info: Successful logout by user [admin].

Comments (1)

岁吢 2025-01-23 04:48:36

Please try the following pattern:

^[A-Za-z]+[\d\s:]+(?<address>\S+)\s.+?,\s(?<time>\d+\/\d+\/\d+\-\d+\:\d+\:\d+).+?\s\w+\/.+?\/(?<domain>.+?)\/(?<destinationprocess>.+?)\/(?<sourceprocess>.+?),.+Event:\s(?<eventtype>.+?),.+Status:\s(?<status>.+?),\sInfo:\s(?<message>.+)$

Please could you put various valid and invalid strings in the question.
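
An added example (not from the original post or the answer): a Python version of the named-group pattern that accepts hyphenated switch names and captures the trailing `IP Addr:` value in its own optional group. The group name `ipaddr`, the helper names and the truncated sample line are assumptions made for this example.

```python
import re

# Python spells named groups (?P<name>...); regex101's PCRE flavour also accepts (?<name>...).
AUDIT_RE = re.compile(r"""
    ^[A-Za-z]{3}\s+\d{1,2}\s[\d:]{8}\s                 # syslog timestamp
    (?P<address>\S+)\s                                 # switch name; hyphens allowed
    .+?,\s(?P<time>\d{4}/\d\d/\d\d-\d\d:\d\d:\d\d)\b   # raslogd audit timestamp
    .+?\s\w+/[^/,]+/(?P<domain>[^/,]+)/(?P<destinationprocess>[^/,]+)/(?P<sourceprocess>[^/,]+),
    .+?Event:\s(?P<eventtype>[^,]+),
    \sStatus:\s(?P<status>[^,]+),
    \sInfo:\s(?P<message>.+?)                          # lazy, so the optional tail can claim its part
    (?:,\sIP\sAddr:\s(?P<ipaddr>\S+?))?                # hypothetical group name; only on some events
    \.?$
""", re.VERBOSE)

# Sample input: the log lines from the question, plus one constructed truncated line.
LOGIN = ("Mar 21 23:31:19 c10sw1 raslogd: AUDIT, 2022/03/21-23:31:19 (PDT), [SEC-3020], INFO, "
         "SECURITY, admin/admin/test.domain.com/ssh/CLI, ad_0/c10sw1/FID 128, 8.2.1c, , , , , , , "
         "Event: login, Status: success, Info: Successful login attempt via REMOTE, "
         "IP Addr: test.domain.com.")
LOGOUT = ("Mar 21 23:37:13 c10-M1000e-SW1 raslogd: AUDIT, 2022/03/21-23:37:13 (PDT), [SEC-3022], "
          "INFO, SECURITY, admin/admin/test.domain.com/ssh/CLI, ad_0/c10-M1000e-SW1/FID 128, "
          "8.2.2b, , , , , , , Event: logout, Status: success, "
          "Info: Successful logout by user [admin].")
TRUNCATED = "Mar 21 23:40:00 c10sw1 raslogd: AUDIT, 2022/03/21-23:40:00 (PDT), [SEC-3020], INFO"

def parse_audit(line):
    """Return the named groups as a dict, or None if the line does not match."""
    m = AUDIT_RE.match(line.strip())
    return m.groupdict() if m else None

def parse_all(lines):
    """Split lines into parsed records and rejects so parse failures stay visible."""
    parsed, rejected = [], []
    for line in lines:
        rec = parse_audit(line)
        (parsed if rec else rejected).append(rec or line)
    return parsed, rejected

if __name__ == "__main__":
    records, rejects = parse_all([LOGIN, LOGOUT, LOGOUT, TRUNCATED])
    for r in records:
        print(r["address"], r["eventtype"], r["status"], r["ipaddr"], "|", r["message"])
    print("unparsed:", len(rejects))
```

Lines that do not match are returned in the reject list rather than dropped, so a format change on the switch shows up as a rising reject count instead of missing login events.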
