java - 用于日志分析的模式匹配

Question

我的程序将发出一个grep命令来根据时间范围和唯一关键字搜索日志。我的程序能够成功发出 grep 命令，并且返回几行匹配的日志，如下所示:

22:41.9 INFO    SSHD    SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Logout agent success [accountName=null remoteAddress=STEDGE/172.16.8.3]    AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl    executeLogoutAgent  429 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN
21:45.9 INFO    SSHD    SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Invoking logout agent [accountName=null remoteAddress=STEDGE/172.16.8.3]   AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl    executeLogoutAgent  425 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN
21:45.9 INFO    SSHD    SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:SSH: User "null" logged out from [172.16.8.1]. AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl    executeLogoutAgent  422 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN

但我不需要所有这些，我感兴趣的是[remoteAddress=/172.16.8.1:64931]。这行代码 Pattern pat1 = Pattern.compile("remoteAddress=/(\d)"); 给出了非法转义字符。我可以知道如何提取没有任何端口号的IP地址并将其存储到一个字符串变量中，我在google上搜索了一些信息但它无法工作。

这是我的源代码，供您引用:

import java.io.*;
import java.util.regex.*;
class blockIP
{
   public static void main(String [] args)
   {
     String command1 = "date +%R";
     String time = null;
     String argument2 = null;
     String argument1 = ".*java";
     try
       {
             Process p1 = Runtime.getRuntime().exec(command1);
             BufferedReader br1 = new BufferedReader(new InputStreamReader(p1.getInputStream()));
             
             String line1;
             while((line1 = br1.readLine()) != null )
              {
                  System.out.println(line1);
                  time = line1;
                  argument2 =time.concat(argument1);
              }
           br1.close();
           String command2 = "grep "+argument2+" stlog.txt";
           System.out.println("the command2 is :"+command2);
           Process p2 = Runtime.getRuntime().exec(command2);
           BufferedReader br2 = new BufferedReader(new InputStreamReader(p2.getInputStream()));
           String line2;
           while((line2 = br2.readLine()) != null)
           { 
              System.out.println(line2);
              Pattern pat1 = Pattern.compile("remoteAddress=/(\d)");
              Matcher matcher1 = pat1.matcher(line2);
              while(matcher1.find())
                   {
                     System.out.println(matcher1.group(1));
                   }
           }
      }
      catch(IOException e)
      {
        e.printStackTrace();
      }
    
   }
}

Answer 1

此正则表达式匹配 remoteAddress=/ 之后的数字和点短语。

public static void main(String[] args) {
        String s = "21:45.9 INFO    SSHD    SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Invoking logout agent [accountName=null remoteAddress=STEDGE/172.16.8.3]   AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl    executeLogoutAgent  425 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN\r\n";
        Pattern pattern = Pattern.compile("(?<=remoteAddress=/)[\\d.]+");
        Matcher matcher = pattern.matcher(s);
        while (matcher.find()) {
            String group = matcher.group();
            System.out.println(group);
        }

    }

它不会匹配 remoteAddress=STEDGE/172.16.8.3 。

它使用正向回顾来断言 (?<=remoteAddress=/)之前172.16.8.1

模式:

(?<=remoteAddress=/)正向回顾(零长度断言)。仅当 [\\d.]+ 时才匹配前面有确切的短语 remoteAddress=/ .

[\\d.]+匹配数字或句点。 1次或多次。与其他任何内容都不匹配。