syslog上的Regex字匹配失败
我试图抓住一行,既有一个ip范围匹配和一个确切的字匹配,但不断失败的字匹配 输入:syslog上的Regex字匹配失败,regex,Regex,我试图抓住一行,既有一个ip范围匹配和一个确切的字匹配,但不断失败的字匹配 输入: <14>1 2017-02-02T13:53:08.557Z dfb803-FW-1a RT_GO - RT_GO_SESSION_CLOSE [debian@333.39 reason="TCP CLIENT RST" source-address="111.222.98.71" source-port="57927" destination-address="30.200.03.00" desti
<14>1 2017-02-02T13:53:08.557Z dfb803-FW-1a RT_GO - RT_GO_SESSION_CLOSE [debian@333.39 reason="TCP CLIENT
RST" source-address="111.222.98.71" source-port="57927" destination-address="30.200.03.00" destination-port="333" servi
ce-name="debian-https" nat-source-address="111.222.98.71" nat-source-port="34534" nat-destination-address="xx.xxx.xx.194"
nat-destination-port="343" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N
/A" protocol-id="3" policy-name="51" source-zone-name="Local" destination-zone-name="Local" session-id-32="53300" packet
s-from-client="333" bytes-from-client="43" packets-from-server="14" bytes-from-server="7511" elapsed-time="92" applicat
ion="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="xxx.31" encrypted="UN
KNOWN"]
(.*dfb803-FW-1a.*) source-address="111\.222\.98\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))"
也许你可以匹配源地址后的其余部分,以匹配整行,并创建不需要捕获的组。
(?:(.*dfb803-FW-1a.*) source-address="111\.222\.98\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))"