我有一个纯 ASCII 的输入文本文件(如下所示),其中包含很多 case 分支,这里只给出 2 个 switch case 作为示例。我需要做两件事:第一,提取下面文本文件中每个 details 函数调用里所有以 '$' 开头的字符串(如粗体所示),并写入新文件 1;第二,提取每个 nvp_add 函数调用里所有以 '$' 开头的字符串(如粗体所示),并写入新文件 2。注意这两种调用在输入文件中都可能跨越多行。我期望得到如下输出:
文件 1 的预期输出:
case "11": ### eventDDoSLow
$severity, $description, $eventID, $eventURL, $alertLevel, $eventStart, $eventSourceCount
case "15": ### eventWormLow
$severity, $description, $eventID, $eventURL, $alertLevel, $eventStart, $eventSourceCount, $eventSourceTable, $eventDestCount, $eventDestTable, $eventProtocolCount, $eventProtocolTable, $eventServiceCount, $eventServiceTable, $mazuSourceName
文件 2 的预期输出:
case "11": ### eventDDoSLow
$severity, $description, $eventID, $eventURL, $alertLevel, $eventStart, $eventSourceCount
case "15": ### eventWormLow
$severity, $description, $eventID, $eventURL, $alertLevel, $eventStart, $eventSourceCount, $eventSourceTable, $eventDestCount, $eventDestTable, $eventProtocolCount, $eventProtocolTable, $eventServiceCount, $eventServiceTable, $mazuSourceName
输入文件(纯ASCII):
switch($specific-trap)
{
case "11": ### eventDDoSLow
##########
# $1 = severity
# $2 = description
# $3 = eventID
# $4 = eventURL
# $5 = alertLevel
# $6 = eventStart
# $7 = eventSourceCount
# $8 = eventSourceTable
# $9 = eventDestCount
# $10 = eventDestTable
# $11 = eventProtocolCount
# $12 = eventProtocolTable
# $13 = eventServiceCount
# $14 = eventServiceTable
# $15 = eventNormalBPS
# $16 = eventCurrentBPS
# $17 = eventNormalPPS
# $18 = eventCurrentPPS
##########
$severity = $1
$description = $2
$eventID = $3
$eventURL = $4
$alertLevel = lookup($5, AlertLevel)
$eventStart = $6
$eventSourceCount = $7
$eventSourceTable = $8
$eventDestCount = $9
$eventDestTable = $10
$eventProtocolCount = $11
$eventProtocolTable = $12
$eventServiceCount = $13
$eventServiceTable = $14
$eventNormalBPS = $15
$eventCurrentBPS = $16
$eventNormalPPS = $17
$eventCurrentPPS = $18
include "$NC_RULES_HOME/include-snmptrap/riverbed/riverbed-
MAZU-MIB.parser.include.snmptrap.rules"
@URL = $eventURL
$OS_EventId = "SNMPTRAP-riverbed-MAZU-MIB-eventDDoSLow"
@AlertGroup = "Denial Of Service"
@AlertKey = "Event ID: " + $eventID
@Summary = "Denial of Service ( Src: " + $mazuSourceName + ", Dest: " +
$mazuDestName + " )" + " ( " + @AlertKey + " ) "
$DEFAULT_Severity = 2
$DEFAULT_Type = 1
$DEFAULT_ExpireTime = 0
@Identifier = @Node + " " + @AlertKey + " " + @AlertGroup + " " +
$DEFAULT_Type + " " + @Agent + " " + @Manager + " " + $specific-trap
$alertLevel = $alertLevel + " ( " + $5 + " )"
if(match($OPTION_EnableDetails, "1") or
match($OPTION_EnableDetails_riverbed, "1")) {
**details($severity, $description, $eventID, $eventURL, $alertLevel,
$eventStart, $eventSourceCount)**
}
**@ExtendedAttr = nvp_add(@ExtendedAttr, "severity", $severity,
"description", $description, "eventID", $eventID,
"eventURL", $eventURL, "alertLevel", $alertLevel,
"eventStart", $eventStart,
"eventSourceCount", $eventSourceCount)**
case "15": ### eventWormLow
##########
# $1 = severity
# $2 = description
# $3 = eventID
# $4 = eventURL
# $5 = alertLevel
# $6 = eventStart
# $7 = eventSourceCount
# $8 = eventSourceTable
# $9 = eventDestCount
# $10 = eventDestTable
# $11 = eventProtocolCount
# $12 = eventProtocolTable
# $13 = eventServiceCount
# $14 = eventServiceTable
##########
$severity = $1
$description = $2
$eventID = $3
$eventURL = $4
$alertLevel = lookup($5, AlertLevel)
$eventStart = $6
$eventSourceCount = $7
$eventSourceTable = $8
$eventDestCount = $9
$eventDestTable = $10
$eventProtocolCount = $11
$eventProtocolTable = $12
$eventServiceCount = $13
$eventServiceTable = $14
include "$NC_RULES_HOME/include-snmptrap/riverbed/riverbed-
MAZU-MIB.parser.include.snmptrap.rules"
@URL = $eventURL
$OS_EventId = "SNMPTRAP-riverbed-MAZU-MIB-eventWormLow"
@AlertGroup = "Worm Detected"
@AlertKey = "Event ID: " + $eventID
@Summary = "Worm Detected ( Src: " + $mazuSourceName + ", Dest: " +
$mazuDestName + " )" + " ( " + @AlertKey + " ) "
$DEFAULT_Severity = 2
$DEFAULT_Type = 1
$DEFAULT_ExpireTime = 0
@Identifier = @Node + " " + @AlertKey + " " + @AlertGroup + " " +
$DEFAULT_Type + " " + @Agent + " " + @Manager + " " + $specific-trap
$alertLevel = $alertLevel + " ( " + $5 + " )"
if(match($OPTION_EnableDetails, "1") or
match($OPTION_EnableDetails_riverbed, "1")) {
**details($severity, $description, $eventID, $eventURL, $alertLevel,
$eventStart, $eventSourceCount, $eventSourceTable, $eventDestCount, $eventDestTable,
$eventProtocolCount, $eventProtocolTable, $eventServiceCount, $eventServiceTable,
$mazuSourceName)**
}
**@ExtendedAttr = nvp_add(@ExtendedAttr, "severity", $severity, "description", $description, "eventID", $eventID,
"eventURL", $eventURL, "alertLevel", $alertLevel, "eventStart", $eventStart,
"eventSourceCount", $eventSourceCount, "eventSourceTable", $eventSourceTable, "eventDestCount", $eventDestCount,
"eventDestTable", $eventDestTable, "eventProtocolCount", $eventProtocolCount, "eventProtocolTable", $eventProtocolTable,
"eventServiceCount", $eventServiceCount, "eventServiceTable", $eventServiceTable, "mazuSourceName", $mazuSourceName)**