我正在构建一个正则表达式过滤器来处理这个日志文件:
[15:20:56|9M] 191.241.67.46 | fordcom2002 | delphina | /login
[15:20:56|9M] 109.167.249.41 | kyler394 | Baseball1 | /login
[15:20:57|9M] 103.112.62.126 | akuztikkaren | docomo | /login
[15:20:57|9M] 110.78.145.107 | rodriguezo59 | sureno150 | /login
[15:20:57|9M] 45.250.226.48 | czesio389 | Czesio12345 | site2.com/login
[15:20:58|9M] 103.112.62.126 | russosm16 | sunset8! | /login
[15:20:58|9M] 185.220.101.130 | slidekick28 | camera76 | /login
[15:20:58|9M] 176.104.52.46 | sarah280868 | pspps3 | site2.com/login
[15:20:58|9M] 191.241.67.46 | jackmckillop | vanilla | /login
[15:20:59|9M] 183.81.152.82 | czuck | Jokel1990 | /login
[15:21:01|9M] 125.160.65.176 | bernd_beinicke | xLOMxkhmrc | site2.com/login
[15:21:01|9M] 103.112.62.126 | tyler_harmon256 | Freddy1 | /login
[15:21:02|9M] 186.248.109.30 | poutney-01 | seriously! | site2.com/login
[15:21:02|9M] 186.248.109.30 | okjjli | chamber1 | site2.com/login
[15:21:02|9M] 186.248.109.30 | nacunic | 82925925n | site2.com/login
[15:21:02|9M] 51.79.53.139 | ishman99 | 120899 | /login
[15:21:03|9M] 113.160.219.210 | walter.raponi | patatina | /login
[15:21:03|9M] 117.103.87.62 | sho10004 | biller62 | /login
[15:21:03|9M] 45.225.47.210 | popopopo1234 | pokemon1 | site2.com/login
[15:21:03|9M] 191.241.67.46 | asharanae | beyonce11 | /login
[15:21:03|9M] 117.103.87.62 | javajoewheaton | 5262628 | /login
我尝试了几十种正则表达式模式,但它们不起作用。就像这个:
$ fail2ban-regex "[14:33:39|9M] 110.77.232.21 | miss-sexi-99 | lachat09 | /login" '\[.*\]+\s+<HOST>+$'
但它从来都不起作用,我总是被“错过”
Running tests
=============
Use failregex line : \[.*\]+\s+<HOST>+$
Use single line : [14:33:39|9M] 110.77.232.21 | miss-sexi-99 ...
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.00 sec]
|- Missed line(s):
| [14:33:39|9M] 110.77.232.21 | miss-sexi-99 | lachat09 | /login
`-
答案1
这个可以和正则表达式测试器一起使用自由格式化程序
^\[.*\]\s+(?<HOST>.*)\s+
这使用了一个命名捕获“ ”,如果我正确阅读了文档的话,(?<HOST>.*)
对于 fail2ban-regex 来说,它应该简单地被“ ”替换。<HOST>