Writing regular expressions for event logs with kodos

Today I wrote a piece of code with kodos.

Aug  2 11:06:20 id=tos time="2010-08-02 11:03:49" fw=TopsecSH  pri=6 type=ac  recorder=FW-NAT src=192.167.10.112 dst=192.168.10.26 sport=123 dport=3000    smac=00:0d:60:80:e5:18 dmac=00:13:32:02:6d:0c proto=tcp indev=eth0 outdev=eth2 user= rule=accept        connid=248943876 parentid=0 dpiid=0 natid=0 policyid=9957 msg="null"
Aug  2 11:06:23 id=tos time="2010-08-02 11:03:49" fw=TopsecSH  pri=6 type=ac  recorder=FW-NAT src=192.167.10.112 dst=192.168.10.26 sport=1795 dport=3000    smac=00:0d:60:80:e5:18 dmac=00:13:32:02:6d:0c proto=tcp indev=eth0 outdev=eth2 user= rule=accept        connid=249157892 parentid=0 dpiid=0 natid=0 policyid=9957 msg="null"
Aug  2 11:06:23 id=tos time="2010-08-02 11:03:49" fw=TopsecSH  pri=6 type=ac  recorder=FW-NAT src=192.167.10.112 dst=192.168.10.26 sport=1799 dport=3000    smac=00:0d:60:80:e5:18 dmac=00:13:32:02:6d:0c proto=tcp indev=eth0 outdev=eth2 user= rule=accept        connid=249069828 parentid=0 dpiid=0 natid=0 policyid=9957 msg="null"


The above are three event log entries. Written as a regex, they come out as:

(?P<time>\D+\d{1,2}\s+\d\d\:\d\d\:\d\d)\s+id=(?P<id>[^\s]+)\s+time=(?P<access_time>\"\d\d\d\d-\d\d-\d\d\s+\d\d\:\d\d\:\d\d\")\s+(?P<device_name>[^\s]+)\s+\S+\s+\S+\s+\S+\s+src=(?P<src_ip>\S+)\s+dst=(?P<dst_ip>\S+)\s+sport=(?P<src_port>\d+)\s+dport=(?P<dst_port>\d+)\s+.*

The test passes.

What I learned from this: only the text inside the () groups is captured; (?P<name>...) names the captured content; and \S+ is used for the parts you do not want to capture.

A second pattern, for the ApacheLog entries shown below:

(?P<Date>\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<Name>[^\s]+)\s+(?P<data1>[^\s]+)\s+\d+\s+(?P<IPV4>\d+\.\d+\.\d+\.\d+)\s+\-\s+\-\s+(?P<Access_Time>.*])\s+\"(?P<Info>.*)\"\s+(?P<Status>\d+)\s+(?P<Length>.*)

Jul  1 09:11:19 xyqh-kbwvg2ut3n ApacheLog       0       220.181.125.45 - - [01/Jul/2011:09:11:18 +0800] "GET /list.php?catid=56&page=49 HTTP/1.1" 200 3779
Jul  1 09:11:19 xyqh-kbwvg2ut3n ApacheLog       0       112.111.147.158 - - [01/Jul/2011:09:10:56 +0800] "GET /uploadfile//soft//Setup_Midas.exe HTTP/1.1" 206 235462
Jul  1 09:11:22 xyqh-kbwvg2ut3n ApacheLog       0       124.115.0.141 - - [01/Jul/2011:09:11:21 +0800] "GET /list.php?catid=138&typeid=9 HTTP/1.1" 200 3933
Jul  1 09:11:22 xyqh-kbwvg2ut3n ApacheLog       0       112.111.147.158 - - [01/Jul/2011:09:10:56 +0800] "GET /uploadfile//soft//Setup_Midas.exe HTTP/1.1" 206 306215
Jul  1 09:11:22 xyqh-kbwvg2ut3n ApacheLog       0       124.115.0.141 - - [01/Jul/2011:09:11:21 +0800] "GET /data/config.js HTTP/1.1" 200 105
Jul  1 09:11:22 xyqh-kbwvg2ut3n ApacheLog       0       124.115.0.141 - - [01/Jul/2011:09:11:21 +0800] "GET /images/js/login.js HTTP/1.1" 200 1061
Jul  1 09:11:22 xyqh-kbwvg2ut3n ApacheLog       0       124.115.0.141 - - [01/Jul/2011:09:11:21 +0800] "GET /images/js/pageset.js HTTP/1.1" 200 52179
Jul  1 09:11:22 xyqh-kbwvg2ut3n ApacheLog       0       112.111.147.158 - - [01/Jul/2011:09:11:14 +0800] "GET /uploadfile//soft//Setup_Midas.exe HTTP/1.1" 206 174374
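To use both patterns outside kodos, here is an added example (not part of the original post) that compiles them with Python's re module, parses constructed sample lines shaped like the firewall and ApacheLog entries above, rejects a truncated line instead of crashing on a failed match, and aggregates the fields a defender looks at first. The SAMPLE lines and the parse_line and summarize functions are my own; note that the post's device_name group captures the whole "fw=TopsecSH" token, key included, and access_time keeps its surrounding quotes, which the parser strips.

```python
import re
from collections import defaultdict
# Both patterns are copied from the post, only split into adjacent literals.
FW_RE = re.compile(
    r'(?P<time>\D+\d{1,2}\s+\d\d\:\d\d\:\d\d)\s+id=(?P<id>[^\s]+)\s+'
    r'time=(?P<access_time>\"\d\d\d\d-\d\d-\d\d\s+\d\d\:\d\d\:\d\d\")\s+'
    r'(?P<device_name>[^\s]+)\s+\S+\s+\S+\s+\S+\s+src=(?P<src_ip>\S+)\s+'
    r'dst=(?P<dst_ip>\S+)\s+sport=(?P<src_port>\d+)\s+dport=(?P<dst_port>\d+)\s+.*')
APACHE_RE = re.compile(
    r'(?P<Date>\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<Name>[^\s]+)\s+(?P<data1>[^\s]+)'
    r'\s+\d+\s+(?P<IPV4>\d+\.\d+\.\d+\.\d+)\s+\-\s+\-\s+(?P<Access_Time>.*])\s+'
    r'\"(?P<Info>.*)\"\s+(?P<Status>\d+)\s+(?P<Length>.*)')
# Constructed sample shaped like the post's lines; the last one is truncated.
SAMPLE = [
    'Aug  2 11:06:20 id=tos time="2010-08-02 11:03:49" fw=TopsecSH  pri=6 type=ac  '
    'recorder=FW-NAT src=192.167.10.112 dst=192.168.10.26 sport=123 dport=3000 proto=tcp',
    'Jul  1 09:11:19 xyqh-kbwvg2ut3n ApacheLog       0       220.181.125.45 - - '
    '[01/Jul/2011:09:11:18 +0800] "GET /list.php?catid=56&page=49 HTTP/1.1" 200 3779',
    'Jul  1 09:11:19 xyqh-kbwvg2ut3n ApacheLog       0       112.111.147.158 - - '
    '[01/Jul/2011:09:10:56 +0800] "GET /uploadfile//soft//Setup_Midas.exe HTTP/1.1" 206 235462',
    'Jul  1 09:11:22 xyqh-kbwvg2ut3n ApacheLog       0       112.111.147.158 - - '
    '[01/Jul/2011:09:11:14 +0800] "GET /uploadfile//soft//Setup_Midas.exe HTTP/1.1" 206',
]

def parse_line(line):
    """Return (kind, fields) for a recognised line, or None for anything else."""
    for kind, pattern in (("firewall", FW_RE), ("apache", APACHE_RE)):
        if m := pattern.match(line):
            fields = m.groupdict()
            # access_time keeps its quotes (the \" sit inside the group); strip them.
            if "access_time" in fields:
                fields["access_time"] = fields["access_time"].strip('"')
            return kind, fields
    return None  # callers must handle this instead of calling .group() blindly

def summarize(lines):
    """Bytes per client IP (Apache), accepted flows (firewall), unparsed count."""
    bytes_by_client, flows, unparsed = defaultdict(int), defaultdict(int), 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1
            continue
        kind, f = parsed
        if kind == "apache":
            bytes_by_client[f["IPV4"]] += int(f["Length"])
        else:
            flows[(f["src_ip"], f["dst_ip"], f["dst_port"])] += 1
    return {"bytes_by_client": dict(bytes_by_client), "flows": dict(flows), "unparsed": unparsed}
```

Running summarize(SAMPLE) reports one accepted flow, the bytes served to each client, and one line neither pattern accepted.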
