查找 */log/* 目录中的所有 IP 地址并将这些行输出到文件中,不重复

tag-icon tag-icon ubuntu grep find regular-expression sort
查找 */log/* 目录中的所有 IP 地址并将这些行输出到文件中,不重复

我试图从调用的目录中的文件中检索带有 IP 地址的所有行log并将它们写入文件,但我运气不佳。目前我正在输入:

find . -path "*/log/*" -type f | xargs grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | xargs grep -v "[myip]" > log.txt | sort -u

但这仅输出以下内容:

Binary file ./var/log/wtmp.1 matches
Binary file ./var/log/lastlog matches
Binary file ./var/log/btmp matches
Binary file ./var/log/btmp.1 matches
Binary file ./var/log/wtmp matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-00000000000334f4-000547883cd64bfc.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-000000000003109b-000547834461e9ac.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-000000000002ec72-0005477e385a43c7.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-000000000002c42c-0005477bb1a39b46.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-0000000000029d35-00054776e06fb915.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-0000000000027310-000547743bc488ca.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-0000000000024a25-00054771307a13d2.journal matches
Binary file ./run/log/journal/9dec9e4e32834bb59a2d5e1c50895ca5/system@4d01f718aa76471eafb1b2faa76e05e2-0000000000022116-0005476e66afb18c.journal matches

这根本不是我所追求的。我需要正确编写这个查询吗?理想情况下,输出应如下所示:

Started GET "/" for [IP] at 2017-02-02 19:15:39 +0000
Cannot render console from 85.248.227.164! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
[...]
Jan 29 06:25:04 ubuntu sshd[24085]: Failed password for root from [IP] port 41348 ssh2

等等,不包括我的 IP 地址和任何相关结果。理想情况下,每个匹配项前面都包含文件路径和行号。

find . -path "*/log/*" -type f | exec grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" {} > log.txt

不向日志文件输出任何内容。部分问题似乎与额外的流程有关,例如

find . -path "*/log/*" -type f | xargs grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" > log.txt

是否输出 IP 地址,它只是用我的 IP 获取大量重复的内容和负载结果,这是我不想要的。

答案1

我使用以下方法使其工作:

regex="(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
sudo find / -path "*/log/*" -type f -exec grep -Eo $regex {} +

如果您希望对其进行排序,请通过管道将其传递sort,并添加重定向以将其放入文件中。

sudo find / -path "*/log/*" -type f -exec grep -Eo $regex {} + \
  | grep -v "[myip]" | sort | uniq > log.txt

相关内容