-4

我有一个字符串

 Jun 11 02:47:04 webwork-tlv tcp: 2013-06-11 02:47:04 - ive - [84.11.11.11] hacker(Secure ID)[Manage System] - Host Checker policy 'Machine center' passed on host 84.11.11.11  for user 'hacker'

一些字符串看起来像这样

 Jun 11 00:13:26 webwork-tlv tcp: 2013-06-11 00:13:25 - ive - [10.11.12.19] hacker(Secure ID)[Manage System] - Sensor tlv-entid-001 - timestamp=[Tue Jun 11 02:23:42 2013 ] severity=[4] policyStr=[IDP 20110132] category=[attack] protocol=[tcp] attackStr=[HTTP:XSS:HTML-SCRIPT-IN-URL-VA] rulebaseStr=[IDS] rulebaseType=[Main Rule Base] srcAddr=[10.11.12.19] srcPort=[3333] dstAddr=[66.11.12.13] dstPort=[80] action=[drop] policyVersion=[41] ruleNumber=[3]

我想在开头提取日期,ip在[]之间但是如果它是内部ip(以10或192开头),则不需要提取和idhacker之前(SecureID)

所以结果应该是 ip:84.11.11.11, id:hacker

先感谢您

4

2 回答 2

2 
>>> regex = re.compile("(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]) ([a-zA-Z0-9]+)")
>>> r = regex.search(string)

# List the groups found
>>> r.groups()
(u'[84.11.11.11]', u'hacker')
于 2013-06-11T22:57:34.443 回答
0

有点乏味,但是:

s = "Jun 11 02:47:04 webwork-tlv tcp: 2013-06-11 02:47:04 - ive - [84.11.11.11] hacker(Secure ID)[Manage System] - Host Checker policy 'Machine center' passed on host 84.11.11.11  for user 'hacker'."
parts = s.split('[')[1].split(']')
{'ip': parts[0], 'id': parts[1].split('(Secure ID)')[0]}
于 2013-06-11T22:58:42.827 回答