0

我正在寻找在特定单词之后提取匹配的特定字符集,直到序列中出现的最后一个空格。

例子:

FAILED on portal HTTP (10.1.1.1)
FAILED on portal TELNET 0 SSH (10.1.1.1)

我希望 O/P 是:

HTTP
TELNET 0 SSH

目前正在使用以下 RegEX 并正在处理它:

.+((?<=portal)[^\s]]+

如果你们中的任何人可以帮助我解决这个问题,将会很有帮助:)

从评论更新:

文本:

1368028793000 10.3.1.4 CISCO X AUTHENTICATION:SESSION User authentication attempt FAILED on portal TELNET 0 SSH (10.1.2.8:64940)

正则表达式:

^(\d+).* (\S+\d) ([\w\s]+) (\w* ?AUTHENTICATION:SESSION) (.+) (([\w.]+):(\d+)).*

通常,我希望从我的示例字符串中获得的组是:

#1 - 1368028793000 
#2 - 10.3.1.4 
#3 - CISCO X 
#4 - AUTHENTICATION:SESSION 
#5 - User authentication attempt FAILED on portal 
#6 - TELNET 0 SSH 
#7 - 10.1.2.8 
#8 - 6940
4

3 回答 3

1

你可以试试这个:

(?<=portal\s)(.+)\s\(

请注意,您缺少右括号)和左方括号[,我认为这是一个错字。并且您需要转义标记位开始的左括号(10.1.1.1)

于 2013-05-23T09:08:57.623 回答
0

你可以使用这个正则表达式

(?<=portal).+(?=\s)

.+是贪婪的,所以它会匹配到最后,然后在必要时回溯..

于 2013-05-23T09:07:40.560 回答
0

一切都根据新的要求而改变。

试一试:

^(\d+)\s+([\d.]+)\s+([\w\s]+?)\s+(AUTHENTICATION:SESSION)\s+(.+?portal)\s(.+?)\(([\d.]+)(?::(\d+))?\)$

这是一个运行它的 perl 脚本:

my $re = qr/^(\d+)\s+([\d.]+)\s+([\w\s]+?)\s+(AUTHENTICATION:SESSION)\s+(.+?portal)\s(.+?)\(([\d.]+)(?::(\d+))?\)$/;
while(<DATA>) {
    chomp;
    my @l = ($_ =~ $re);
    dump@l;
}
__DATA__
1368028793000 10.3.1.4 CISCO X AUTHENTICATION:SESSION User authentication attempt FAILED on portal HTTP (10.1.1.1)
1368028793000 10.3.1.4 CISCO X AUTHENTICATION:SESSION User authentication attempt FAILED on portal TELNET 0 SSH (10.1.2.8:64940)

输出:

(
  1368028793000,
  "10.3.1.4",
  "CISCO X",
  "AUTHENTICATION:SESSION",
  "User authentication attempt FAILED on portal",
  "HTTP ",
  "10.1.1.1",
  undef,
)
(
  1368028793000,
  "10.3.1.4",
  "CISCO X",
  "AUTHENTICATION:SESSION",
  "User authentication attempt FAILED on portal",
  "TELNET 0 SSH ",
  "10.1.2.8",
  64940,
)

正则表达式解释:

The regular expression:

(?-imsx:^(\d+)\s+([\d.]+)\s+([\w\s]+?)\s+(AUTHENTICATION:SESSION)\s+(.+?portal)\s(.+?)\(([\d.]+)(?::(\d+))?\)$)

matches as follows:

NODE                     EXPLANATION
----------------------------------------------------------------------
(?-imsx:                 group, but do not capture (case-sensitive)
                         (with ^ and $ matching normally) (with . not
                         matching \n) (matching whitespace and #
                         normally):
----------------------------------------------------------------------
  ^                        the beginning of the string
----------------------------------------------------------------------
  (                        group and capture to \1:
----------------------------------------------------------------------
    \d+                      digits (0-9) (1 or more times (matching
                             the most amount possible))
----------------------------------------------------------------------
  )                        end of \1
----------------------------------------------------------------------
  \s+                      whitespace (\n, \r, \t, \f, and " ") (1 or
                           more times (matching the most amount
                           possible))
----------------------------------------------------------------------
  (                        group and capture to \2:
----------------------------------------------------------------------
    [\d.]+                   any character of: digits (0-9), '.' (1
                             or more times (matching the most amount
                             possible))
----------------------------------------------------------------------
  )                        end of \2
----------------------------------------------------------------------
  \s+                      whitespace (\n, \r, \t, \f, and " ") (1 or
                           more times (matching the most amount
                           possible))
----------------------------------------------------------------------
  (                        group and capture to \3:
----------------------------------------------------------------------
    [\w\s]+?                 any character of: word characters (a-z,
                             A-Z, 0-9, _), whitespace (\n, \r, \t,
                             \f, and " ") (1 or more times (matching
                             the least amount possible))
----------------------------------------------------------------------
  )                        end of \3
----------------------------------------------------------------------
  \s+                      whitespace (\n, \r, \t, \f, and " ") (1 or
                           more times (matching the most amount
                           possible))
----------------------------------------------------------------------
  (                        group and capture to \4:
----------------------------------------------------------------------
    AUTHENTICATION:SES       'AUTHENTICATION:SESSION'
    SION
----------------------------------------------------------------------
  )                        end of \4
----------------------------------------------------------------------
  \s+                      whitespace (\n, \r, \t, \f, and " ") (1 or
                           more times (matching the most amount
                           possible))
----------------------------------------------------------------------
  (                        group and capture to \5:
----------------------------------------------------------------------
    .+?                      any character except \n (1 or more times
                             (matching the least amount possible))
----------------------------------------------------------------------
    portal                   'portal'
----------------------------------------------------------------------
  )                        end of \5
----------------------------------------------------------------------
  \s                       whitespace (\n, \r, \t, \f, and " ")
----------------------------------------------------------------------
  (                        group and capture to \6:
----------------------------------------------------------------------
    .+?                      any character except \n (1 or more times
                             (matching the least amount possible))
----------------------------------------------------------------------
  )                        end of \6
----------------------------------------------------------------------
  \(                       '('
----------------------------------------------------------------------
  (                        group and capture to \7:
----------------------------------------------------------------------
    [\d.]+                   any character of: digits (0-9), '.' (1
                             or more times (matching the most amount
                             possible))
----------------------------------------------------------------------
  )                        end of \7
----------------------------------------------------------------------
  (?:                      group, but do not capture (optional
                           (matching the most amount possible)):
----------------------------------------------------------------------
    :                        ':'
----------------------------------------------------------------------
    (                        group and capture to \8:
----------------------------------------------------------------------
      \d+                      digits (0-9) (1 or more times
                               (matching the most amount possible))
----------------------------------------------------------------------
    )                        end of \8
----------------------------------------------------------------------
  )?                       end of grouping
----------------------------------------------------------------------
  \)                       ')'
----------------------------------------------------------------------
  $                        before an optional \n, and the end of the
                           string
----------------------------------------------------------------------
)                        end of grouping
----------------------------------------------------------------------
于 2013-05-23T09:08:21.537 回答