Finding IPs in error.log

I am having trouble building batch code that uses a text filter to find IPs in a log. For example, this line from an Apache web server error.log:

[Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php

Using the text filter /htdocs/cgi-bin/php to find the ip should output: 68.37.42.231

Is this possible?

Answer 1

bockra$ cat /tmp/su
[Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php

bockra$ awk -F'[: ]' '{print $15}' /tmp/su
68.37.42.231

awk understands multiple delimiters (-F'[: ]'), and 'print $15' means your output is field #15 when : and space are used as the delimiters.

You have to use AWK to get this done quickly :) On Linux or OS X it is usually preinstalled with the distribution. For Windows you can download it here: http://gnuwin32.sourceforge.net/packages/gawk.htm

Answer 2

PowerShell version that extracts all IP addresses found on the lines matching a predefined text filter:

# Log file to read and file that receives the extracted IPs
# ($input is a PowerShell automatic variable, so the path gets its own name)
$inputFile = "D:\input.log"
$outputFile = "D:\output.txt"
# Dotted-quad IPv4 address with every octet limited to 0-255
$IPregex = "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
$filter = "/htdocs/cgi-bin/php"

# Keep only the lines containing the filter, then write every IP match on those lines (-AllMatches, not just the first) one per line
gc $inputFile | where { $_ -match $filter } | Select-String -Pattern $IPregex -AllMatches | % { $_.Matches } | % { $_.Value } > $outputFile

Answer 3

You can use grep on Windows

@ECHO OFF &SETLOCAL
echo([Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php|grep -Eo "(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"

68.37.42.231
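A Python version, added here as an example and not taken from any of the answers above: it reads the IP from the structured [client IP:port] field of the Apache 2.4 error.log line instead of grabbing the first dotted quad anywhere in the line, so request text in the message cannot be mistaken for the client, and IPv6 clients are handled as well. The sample lines (beyond the one from the question) and the deny_directives helper are constructed for this example.

```python
import ipaddress
import re
from collections import Counter

# Apache 2.4 error.log layout: "[time] [module:level] [pid ...] [client IP:port] message".
# The port is always the last colon-separated piece, so a non-greedy address
# match followed by ":port]" works for both IPv4 and IPv6 clients.
CLIENT_RE = re.compile(r"\[client (?P<addr>\S+?):(?P<port>\d+)\]")


def client_ip(line):
    """Return the validated client IP of an error.log line, or None."""
    m = CLIENT_RE.search(line)
    if m is None:
        return None
    try:
        return str(ipaddress.ip_address(m.group("addr")))
    except ValueError:
        return None  # malformed address: skip it rather than guess


def ips_for_filter(lines, text_filter):
    """Count client IPs of the lines whose text contains text_filter."""
    counts = Counter()
    for line in lines:
        ip = client_ip(line)
        if ip is not None and text_filter in line:
            counts[ip] += 1
    return counts


def deny_directives(counts, threshold=1):
    """mod_access_compat 'Deny from' lines for IPs seen at least threshold times."""
    return [f"Deny from {ip}" for ip, n in sorted(counts.items()) if n >= threshold]


# Constructed sample lines; the first one is the line from the question.
SAMPLE = [
    "[Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] "
    "[client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php",
    "[Fri Dec 13 23:32:48.000000 2013] [access_compat:error] [pid 3492:tid 464] "
    "[client 2001:db8::1:40000] AH01797: client denied by server configuration: /htdocs/cgi-bin/php",
    "[Fri Dec 13 23:32:49.000000 2013] [core:error] [pid 3492:tid 464] "
    "[client 198.51.100.7:51000] AH00126: Invalid URI in request GET /images/1.2.3.4 HTTP/1.1",
]

if __name__ == "__main__":
    hits = ips_for_filter(SAMPLE, "/htdocs/cgi-bin/php")
    print("\n".join(deny_directives(hits)))
```

On the third sample line a whole-line regex would also report 1.2.3.4 from the request path; client_ip returns only 198.51.100.7.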

Answer 4

Forgive me, I decided to do it in another language, the one I feel most comfortable with. Many thanks for the examples shown here.

Programming language: http://en.wikipedia.org/wiki/Liberty_BASIC

nomainwin


[loop]

    'Sleep 500ms
    CALLDLL #kernel32 , "Sleep" , 500 AS Long , rc AS Void

    'Call sub and read last line
    gosub [log]

    'Only when the last line matches the filter: check .htaccess, then save the ip if it is not there yet
    if instr(lastline$,"xampp/cgi-bin/php") then
        gosub [htaccess]
        gosub [save]
    end if

    goto [loop]

    end




'SUBS


[htaccess]
    'Read .htaccess and remember whether the ip appears on any line (not only the last one)
    exists=0
    open "C:\xampp\htdocs\.htaccess" for input as #handle1
    while EOF(#handle1)=0
        line input #handle1, htaccess$
        if instr(htaccess$,delim2$) then exists=1
    wend
    close #handle1

    RETURN


[log]
    'Sets the maximum size of an array
    dim array2$(999999)

    'Read errorlog file line by line, restarting at index 0 on every call
    errorlog=0
    open "C:\xampp\apache\logs\error.log" for input as #handle2
    while EOF(#handle2)=0
        line input #handle2, array2$(errorlog)
        errorlog=errorlog+1
    wend
    close #handle2

    'Put last line in string
    lastline$ = array2$(errorlog-1)

    'Take the 4th ]-delimited field ("[client ip:port"), drop the port, then cut off "[client " to get the ip
    delim$ = word$(lastline$, 4, "]")
    delim1$ = word$(delim$, 1, ":")
    delim2$ = trim$(mid$(delim1$, 10, 50))

    RETURN


[save]
    'Save new entries in .htaccess
    if exists = 0 then

        'Create string and put parameter in front of the ip
        ip$ = "deny from " ; delim2$

        'Read .htaccesst file and put content in string
        open "C:\xampp\htdocs\.htaccess" for input as #f
         htaccesst$ = input$(#f, lof(#f))
        close #f

        'Clean .htaccesst file and put content within the file
        open "C:\xampp\htdocs\.htaccess" for output as #f
         print #f, htaccesst$
         print #f, ip$;
        close #f

    end if

    RETURN
