I am having trouble writing batch code that uses a text filter to find IPs in logs. For example, this line from an Apache web server error.log:
[Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php
Use a text filter to find the IP: for /htdocs/cgi-bin/php, output 68.37.42.231
Is that possible?
Answer 1
bockra$ cat /tmp/su
[Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php
bockra$ awk -F'[: ]' '{print $15}' /tmp/su
68.37.42.231
awk understands multiple delimiters (-F'[: ]'), and 'print $15' means your output is string #15 when : and space are used as delimiters.
You have to use AWK to speed things up :) On Linux or OS X it is usually preinstalled with the distribution. For Windows you can download it here: http://gnuwin32.sourceforge.net/packages/gawk.htm
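The awk one-liner above depends on the IP always being field 15, which holds only while every bracketed section before [client ...] is present. The following is an added example, not code from Answer 1, that locates the "[client ADDR:PORT]" field itself and matches the path as a fixed string; it assumes Apache 2.4 error.log lines with IPv4 clients, and the sample log, including a line whose ErrorLogFormat omits the pid section, is constructed for the demo (for that line, Answer 1's $15 prints "client").

```bash
#!/usr/bin/env bash
# Added example (not part of Answer 1): extract the client IP by locating the
# "[client ADDR:PORT]" field rather than by counting "[: ]"-separated fields,
# and match the path literally. Assumes Apache 2.4 error.log lines and IPv4
# addresses; the log lines below are constructed for the demo.
set -eu

SAMPLE_LOG='[Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php
[Fri Dec 13 23:33:01.000000 2013] [access_compat:error] [client 198.51.100.7:51234] AH01797: client denied by server configuration: /htdocs/cgi-bin/php
[Fri Dec 13 23:34:10.000000 2013] [core:error] [pid 3492:tid 464] [client 203.0.113.9:40000] AH00126: Invalid URI in request GET /../ HTTP/1.1
[Fri Dec 13 23:35:00.000000 2013] [mpm_winnt:notice] [pid 3492:tid 464] AH00455: Apache/2.4.7 (Win32) configured -- resuming normal operations'

# field15 N: what Answer 1's awk one-liner prints for sample line N.
field15() {
    printf '%s\n' "$SAMPLE_LOG" | sed -n "${1}p" | awk -F'[: ]' '{print $15}'
}

# extract_client_ips PATTERN: read log lines on stdin, keep those containing
# PATTERN as a fixed string (so "." and "/" are not regex metacharacters), pull
# ADDR out of "[client ADDR:PORT]", drop the port, and print each IP once.
extract_client_ips() {
    grep -F -- "$1" \
      | sed -n 's/.*\[client \([^]]*\)\].*/\1/p' \
      | sed 's/:[0-9]*$//' \
      | sort -u
}

# ips_for_path PATTERN: the same over the constructed sample log.
ips_for_path() {
    printf '%s\n' "$SAMPLE_LOG" | extract_client_ips "$1"
}

# Stand-alone run: the lookup the question asks for.
ips_for_path /htdocs/cgi-bin/php
```

For a real log, pipe the file in: `extract_client_ips /htdocs/cgi-bin/php < /var/log/apache2/error.log` (path is an example). Lines without a [client ...] field, such as the notice line in the sample, are skipped rather than yielding a wrong field.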
Answer 2
PowerShell version, to extract all IP addresses from the lines that match a predefined text filter:
$inputFile = "D:\input.log"        # $input is a PowerShell automatic variable, so use a different name
$outputFile = "D:\output.txt"
$IPregex = "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
# -match takes a regex, so escape the path to match it literally
$filter = [regex]::Escape("/htdocs/cgi-bin/php")
# -AllMatches returns every IP on a matching line, not only the first one
Get-Content $inputFile | Where-Object { $_ -match $filter } | Select-String -Pattern $IPregex -AllMatches | ForEach-Object { $_.Matches } | ForEach-Object { $_.Value } > $outputFile
Answer 3
You can use grep on Windows:
@ECHO OFF &SETLOCAL
echo([Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php|grep -Eo "(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
68.37.42.231
Answer 4
Forgive me, I decided to do it in another language that I feel most comfortable with. Many thanks for the examples shown here.
Programming language: http://en.wikipedia.org/wiki/Liberty_BASIC
nomainwin
'Size the line buffer once; re-dimensioning it on every pass is wasteful
dim array2$(999999)
[loop]
'Sleep 500ms
CALLDLL #kernel32, "Sleep", 500 AS Long, rc AS Void
'Call sub and read last line
gosub [log]
'Only when the filter matches the last line: check .htaccess, then save the IP if it is missing
if instr(lastline$, "xampp/cgi-bin/php") then
    gosub [htaccess]
    gosub [save]
end if
goto [loop]
end
'SUBS
[htaccess]
'Read .htaccess; exists becomes 1 as soon as the IP is found on any line
exists = 0
open "C:\xampp\htdocs\.htaccess" for input as #handle1
while EOF(#handle1) = 0
    line input #handle1, htaccess$
    if instr(htaccess$, delim2$) then exists = 1
wend
close #handle1
RETURN
[log]
'Read errorlog file line by line; line input keeps whole lines (input would split on commas)
errorlog = 0
open "C:\xampp\apache\logs\error.log" for input as #handle2
while EOF(#handle2) = 0
    line input #handle2, array2$(errorlog)
    errorlog = errorlog + 1
wend
close #handle2
'Put last line in string (an empty log gives an empty string)
if errorlog > 0 then lastline$ = array2$(errorlog - 1) else lastline$ = ""
'Remove text from the string and get ip: the 4th "]"-delimited word is " [client 68.37.42.231:36925",
'word 1 before ":" drops the port, mid$ from position 10 skips " [client "
delim$ = word$(lastline$, 4, "]")
delim1$ = word$(delim$, 1, ":")
delim2$ = trim$(mid$(delim1$, 10, 50))
RETURN
[save]
'Save new entries in .htaccess, but never an empty string
if exists = 0 and delim2$ <> "" then
    'Create string and put parameter in front of the ip
    ip$ = "deny from " ; delim2$
    'Read .htaccess file and put content in string
    open "C:\xampp\htdocs\.htaccess" for input as #f
    htaccesst$ = input$(#f, lof(#f))
    close #f
    'Rewrite the file with the old content followed by the new rule
    open "C:\xampp\htdocs\.htaccess" for output as #f
    print #f, htaccesst$
    print #f, ip$;
    close #f
end if
RETURN
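Answer 4's loop writes whatever lands in delim2$ straight into .htaccess and only looks at the last log line. The following is an added example in shell, not Answer 4's code, of the same watch-and-deny procedure: it handles every matching line, validates the extracted value as an IPv4 address before touching the file (using the octet regex from Answer 3), and appends "deny from IP" only when that exact rule is absent. It assumes Apache 2.4 "[client ADDR:PORT]" lines and the mod_access_compat "deny from" syntax Answer 4 uses; the log, the .htaccess content and the temporary file paths are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from Answer 4): extract the client IP from every error.log
# line matching a pattern, validate it, and append a "deny from" rule once.
# Assumes Apache 2.4 "[client ADDR:PORT]" lines, IPv4 clients and the
# mod_access_compat "deny from" syntax; file paths are parameters, so nothing
# here is tied to C:\xampp.
set -eu

# client_ip LINE: the IPv4 address from "[client ADDR:PORT]", or nothing.
client_ip() {
    printf '%s\n' "$1" | sed -n 's/.*\[client \([0-9.]*\):[0-9]*\].*/\1/p'
}

# is_ipv4 ADDR: true only for four dotted-decimal octets in 0-255
# (the octet regex from Answer 3, anchored to the whole string).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# deny_once ADDR FILE: append "deny from ADDR" to FILE unless that exact line
# is already there. Returns 0 when a rule was added, 1 when it already existed,
# 2 when ADDR is not a valid IPv4 address (nothing is written in that case).
deny_once() {
    local addr=$1 file=$2
    is_ipv4 "$addr" || { echo "refusing to write non-IPv4 value: $addr" >&2; return 2; }
    if grep -qxF -- "deny from $addr" "$file" 2>/dev/null; then
        return 1
    fi
    printf 'deny from %s\n' "$addr" >> "$file"
}

# ban_from_log LOG HTACCESS PATTERN: for each log line containing PATTERN
# (matched as a fixed string), deny its client IP; prints the number of rules added.
ban_from_log() {
    local log=$1 ht=$2 pattern=$3 added=0 line ip
    while IFS= read -r line; do
        ip=$(client_ip "$line")
        [ -n "$ip" ] || continue
        if deny_once "$ip" "$ht"; then added=$((added + 1)); fi
    done <<EOF
$(grep -F -- "$pattern" "$log" || true)
EOF
    echo "$added"
}

# Stand-alone demo on a constructed log and .htaccess in temporary files.
demo() {
    local log ht
    log=$(mktemp); ht=$(mktemp)
    printf '%s\n' \
      '[Fri Dec 13 23:32:47.531250 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36925] AH01797: client denied by server configuration: /htdocs/cgi-bin/php' \
      '[Fri Dec 13 23:32:48.000000 2013] [access_compat:error] [pid 3492:tid 464] [client 68.37.42.231:36926] AH01797: client denied by server configuration: /htdocs/cgi-bin/php' \
      '[Fri Dec 13 23:33:01.000000 2013] [access_compat:error] [pid 3492:tid 464] [client 198.51.100.7:51234] AH01797: client denied by server configuration: /htdocs/cgi-bin/php' \
      > "$log"
    printf 'deny from 198.51.100.7\n' > "$ht"   # constructed: one rule already present
    echo "new rules: $(ban_from_log "$log" "$ht" /htdocs/cgi-bin/php)"
    cat "$ht"
    rm -f "$log" "$ht"
}
demo
```

The validation step is the part worth keeping whatever language you use: .htaccess is parsed by the web server, so anything appended to it that is not a well-formed address is at best a syntax error that breaks access control for the whole directory. Repeated hits from the same client produce one rule, and re-running against the same log adds nothing.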