我的程序将发出一个grep
命令来根据时间范围和唯一关键字搜索日志。我的程序能够成功发出 grep
命令,并且返回几行匹配的日志,如下所示:
22:41.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Logout agent success [accountName=null remoteAddress=STEDGE/172.16.8.3] AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 429 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN
21:45.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Invoking logout agent [accountName=null remoteAddress=STEDGE/172.16.8.3] AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 425 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN
21:45.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:SSH: User "null" logged out from [172.16.8.1]. AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 422 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN
但我不需要所有这些,我感兴趣的是[remoteAddress=/172.16.8.1:64931]
。这行代码 Pattern pat1 = Pattern.compile("remoteAddress=/(\d)");
给出了非法转义字符。我可以知道如何提取没有任何端口号的IP地址并将其存储到一个字符串变量中,我在google上搜索了一些信息但它无法工作。
这是我的源代码,供您引用:
import java.io.*;
import java.util.regex.*;
class blockIP
{
public static void main(String [] args)
{
String command1 = "date +%R";
String time = null;
String argument2 = null;
String argument1 = ".*java";
try
{
Process p1 = Runtime.getRuntime().exec(command1);
BufferedReader br1 = new BufferedReader(new InputStreamReader(p1.getInputStream()));
String line1;
while((line1 = br1.readLine()) != null )
{
System.out.println(line1);
time = line1;
argument2 =time.concat(argument1);
}
br1.close();
String command2 = "grep "+argument2+" stlog.txt";
System.out.println("the command2 is :"+command2);
Process p2 = Runtime.getRuntime().exec(command2);
BufferedReader br2 = new BufferedReader(new InputStreamReader(p2.getInputStream()));
String line2;
while((line2 = br2.readLine()) != null)
{
System.out.println(line2);
Pattern pat1 = Pattern.compile("remoteAddress=/(\d)");
Matcher matcher1 = pat1.matcher(line2);
while(matcher1.find())
{
System.out.println(matcher1.group(1));
}
}
}
catch(IOException e)
{
e.printStackTrace();
}
}
}
最佳答案
此正则表达式匹配 remoteAddress=/
之后的数字和点短语。
public static void main(String[] args) {
String s = "21:45.9 INFO SSHD SSHD-TRANSFER-1 [accountName=root] [remoteAddress=/172.16.8.1:64931]:Invoking logout agent [accountName=null remoteAddress=STEDGE/172.16.8.3] AuthenticationProviderImpl.java com.tumbleweed.st.server.sshd.AuthenticationProviderImpl executeLogoutAgent 425 UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN UNKNOWN\r\n";
Pattern pattern = Pattern.compile("(?<=remoteAddress=/)[\\d.]+");
Matcher matcher = pattern.matcher(s);
while (matcher.find()) {
String group = matcher.group();
System.out.println(group);
}
}
它不会匹配 remoteAddress=STEDGE/172.16.8.3
。
它使用正向回顾来断言 (?<=remoteAddress=/)
之前172.16.8.1
模式:
(?<=remoteAddress=/)
正向回顾(零长度断言)。仅当 [\\d.]+
时才匹配前面有确切的短语 remoteAddress=/
.
[\\d.]+
匹配数字或句点。 1次或多次。与其他任何内容都不匹配。
关于java - 用于日志分析的模式匹配,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44254700/