Regular expression to match NGinx log files


I am trying to write a regular expression to detect log entries in NGinx.

Here is the list of entries that should match the expression:

7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa3 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 34489 5 0.073
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa1 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 33339 5 0.091
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa4 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 21907 5 0.076
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaab HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 19671 5 0.159
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa2 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 15359 5 0.104
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa5 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 35095 5 0.084
1.1.1.1 - - [28/Mar/2019:13:58:55 +0000] "GET /pro/p/id/63aaaaaaaaa8/4.4.4.4/YL0000000000.rom HTTP/1.1" "-" "Yealink W52P 25.81.0.10 00:15:aa:aa:aa:f9" 404 - 1 5 0.137
2.2.2.2 - - [28/Mar/2019:13:58:56 +0000] "GET /pro/p/id/67aaaaaaaaa0/4.4.4.4/T46G.rom HTTP/1.1" "-" "Yealink SIP-T46G 28.81.0.20 00:15:aa:aa:aa:eb" 404 - 1 5 0.128
3.3.3.3 - - [28/Mar/2019:13:59:00 +0000] "GET /pro/p/id/67aaaaaaa750/4.4.4.4/T46G.rom HTTP/1.1" "-" "Yealink SIP-T46G 28.81.0.20 00:15:aa:aa:aa:eb" 404 - 1 5 0.131
Here is the list of entries that should not match the expression:

7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa3 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 34489 5 0.073
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa1 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 33339 5 0.091
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa4 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 21907 5 0.076
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaab HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 19671 5 0.159
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa2 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 15359 5 0.104
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa5 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 35095 5 0.084
1.1.1.1 - - [28/Mar/2019:13:58:55 +0000] "GET /pro/p/id/63aaaaaaaaa8/4.4.4.4/YL0000000000.rom HTTP/1.1" "-" "Yealink W52P 25.81.0.10 00:15:aa:aa:aa:f9" 404 - 1 5 0.137
2.2.2.2 - - [28/Mar/2019:13:58:56 +0000] "GET /pro/p/id/67aaaaaaaaa0/4.4.4.4/T46G.rom HTTP/1.1" "-" "Yealink SIP-T46G 28.81.0.20 00:15:aa:aa:aa:eb" 404 - 1 5 0.128
3.3.3.3 - - [28/Mar/2019:13:59:00 +0000] "GET /pro/p/id/67aaaaaaa750/4.4.4.4/T46G.rom HTTP/1.1" "-" "Yealink SIP-T46G 28.81.0.20 00:15:aa:aa:aa:eb" 404 - 1 5 0.131
I am trying to exclude lines that contain one of the following strings: Polycom, Yealink, Snom

My current regular expression is as follows:

^([0-9]+\.[0-9]+\.[0-9]+.[0-9]+-\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}:\d{2}\+\d{4}\][GET\/pro p((?!Polycom | Snom | yearlink)。+)(?:403 404 404

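Edit: added an extra requirement to this regex - it also needs to match the 403/404 status of these lines.

However, this does not work properly and produces false positives.

Try this regex: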
(?!*(Polycom | Snom | yeallink))^([0-9]+\.[0-9]+\.[0-9]+.[0-9]+-\[(\d{2}\/\w{3}/\d{4}:\d{2}:\d{2}:\d{d{2}:\d{d{4}>

Try this Perl solution

perl -ne ' /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+) - - \[(\d{2})\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2} \+\d{4}\] \"GET \/pro\/p(?!.*(Polycom|Snom|Yealink))/ms and print ' file
With the following input

$ cat btong.log
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa3 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 34489 5 0.073
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa1 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 33339 5 0.091
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa4 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 21907 5 0.076
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaab HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 19671 5 0.159
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa2 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 15359 5 0.104
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa5 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 35095 5 0.084
1.1.1.1 - - [28/Mar/2019:13:58:55 +0000] "GET /pro/p/id/63aaaaaaaaa8/4.4.4.4/YL0000000000.rom HTTP/1.1" "-" "Yealink W52P 25.81.0.10 00:15:aa:aa:aa:f9" 404 - 1 5 0.137
2.2.2.2 - - [28/Mar/2019:13:58:56 +0000] "GET /pro/p/id/67aaaaaaaaa0/4.4.4.4/T46G.rom HTTP/1.1" "-" "Yealink SIP-T46G 28.81.0.20 00:15:aa:aa:aa:eb" 404 - 1 5 0.128
3.3.3.3 - - [28/Mar/2019:13:59:00 +0000] "GET /pro/p/id/67aaaaaaa750/4.4.4.4/T46G.rom HTTP/1.1" "-" "Yealink SIP-T46G 28.81.0.20 00:15:aa:aa:aa:eb" 404 - 1 5 0.131

$ perl -ne ' /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+) - - \[(\d{2})\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2} \+\d{4}\] \"GET \/pro\/p(?!.*(Polycom|Snom|Yealink))/ms and print ' btong.log
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa3 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 34489 5 0.073
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa1 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 33339 5 0.091
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa4 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 21907 5 0.076
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaab HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 19671 5 0.159
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa2 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 15359 5 0.104
7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa5 HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 404 - 35095 5 0.084

$

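I should have been clearer in my original post - I also need to match the other bits in my regex, because that will prevent false positives. I also need to capture the IPEx. Unfortunately, I have to use a regex, because this will be used in the failregex directive in fail2ban. I can probably port the regex logic, though?

I just noticed that I left something out of my original request - I need to match the 403/404 status in the log - how can I add this?

It looks like you are now changing the question.. Can you update it?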
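
The requirements raised in this thread (capture the client IP, require a 403/404 status, skip the three phone vendors) combined into one Python `re` pattern, the regex dialect fail2ban uses. This is an added example, not code from any poster. It assumes the field order of the sample lines above and that the vendor names only need checking in the user-agent field. In a fail2ban filter the `(?P<host>...)` group would be written as the `<HOST>` tag. The last two sample lines are constructed.

```python
import re

# Vendor names the question wants excluded.
EXCLUDED_AGENTS = ("Polycom", "Snom", "Yealink")

# Field layout assumed from the sample lines on this page:
#   ip - - [time] "request" "referer" "user-agent" status ...
FAILREGEX = re.compile(
    r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) - - '
    r'\[[^\]]*\] '                 # timestamp; also matches an emptied "[]"
    r'"GET /pro/p[^"]*" '          # request field
    r'"[^"]*" '                    # referer field
    r'"(?![^"]*(?:%s))[^"]*" '     # user-agent field without a vendor name
    r'(?:403|404) '                # status field, not a number inside the URL
    % "|".join(map(re.escape, EXCLUDED_AGENTS))
)

def offending_host(line):
    """Return the client IP if the line counts as a failure, else None."""
    m = FAILREGEX.match(line)
    return m.group("host") if m else None

def hosts_to_ban(lines):
    """Collect the IPs of all lines that count as failures, in order."""
    return [h for h in map(offending_host, lines) if h is not None]

SAMPLE_LOG = [
    # From the page: browser user-agent, 404 -> counts as a failure.
    '7.7.7.7 - - [28/Mar/2019:03:30:06 +0000] "GET /pro/p/001565a2aaa3 HTTP/1.1" '
    '"-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 '
    'Firefox/56.0" 404 - 34489 5 0.073',
    # From the page: Yealink phone -> excluded.
    '1.1.1.1 - - [28/Mar/2019:13:58:55 +0000] "GET /pro/p/id/63aaaaaaaaa8/4.4.4.4/'
    'YL0000000000.rom HTTP/1.1" "-" "Yealink W52P 25.81.0.10 00:15:aa:aa:aa:f9" '
    '404 - 1 5 0.137',
    # Constructed: "404" appears in the URL but the status is 200 -> no match.
    '192.0.2.10 - - [28/Mar/2019:14:00:00 +0000] "GET /pro/p/404 HTTP/1.1" '
    '"-" "Mozilla/5.0" 200 - 512 5 0.010',
    # Constructed: vendor name in the URL only, status 403 -> still a failure.
    '198.51.100.9 - - [28/Mar/2019:14:00:01 +0000] "GET /pro/p/Yealink.cfg HTTP/1.1" '
    '"-" "curl/7.64.0" 403 - 0 5 0.002',
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

Using `[^"]*` instead of `.*` keeps each part of the pattern inside its own quoted field, so the status test cannot be satisfied by digits in the URL and the lookahead cannot wander across the line. The user-agent is supplied by the client, so the exclusion is noise reduction for known phones rather than an allow-list with any security weight.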