0

我想用 perl 打开一个日志文件,使用正则表达式查找我想要的内容,然后仅列出文本下方的路径“# Known exploit = [Fingerprint Match] [PHP Exploit [P0008]]:”

sript 应该只列出这条路径:

/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/141163.php
/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/images/120541.php
/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/language/200724.php
/home/avocatma/public_html/raul/mambo/components/com_mynetwork/228469.php

原始日志文件

# Known exploit = [Fingerprint Match] [PHP Exploit [P0008]]:
'/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/141163.php'
# Known exploit = [Fingerprint Match] [PHP Exploit [P0008]]:
'/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/images/120541.php'
# Regular expression match = [symlink\s*\(]:
'/home/axacert/public_html/administrator/components/com_akeeba/akeeba/engines/archiver/jpa.php'
# Regular expression match = [symlink\s*\(]:
'/home/axacert/public_html/administrator/components/com_akeeba/akeeba/engines/archiver/zip.php'
# Regular expression match = [decode regex: 1]:
'/home/axacert/public_html/administrator/components/com_director/includes/stats.php'
# Known exploit = [Fingerprint Match] [PHP Exploit [P0008]]:
'/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/language/200724.php'
# Known exploit = [Fingerprint Match] [PHP Exploit [P0008]]:
'/home/avocatma/public_html/raul/mambo/components/com_mynetwork/228469.php'

我有基本的 perl 技能,我知道如何使用正则表达式,但我不知道如何告诉 perl 如果字符串 mach 仅列出字符串下方的路径而没有其他内容。

欢迎所有建议。

4

3 回答 3

2

尝试

perl -ne'
  BEGIN{ ($m) = map qr/$_/, quotemeta pop }
  print if $ok;
  $ok = /$m/;
' logfile "# Known exploit = [Fingerprint Match] [PHP Exploit [P0008]]:"

它将逐行打印# Known exploit = [Fingerprint Match] [PHP Exploit [P0008]]:

于 2013-10-10T12:59:43.940 回答
0

这应该实现你所追求的:

use warnings;
use strict; 
use File::Slurp;

my @file = read_file('test.txt'); # Read file into an array (you don't have to use file::slurp)
my $match=("# Known exploit"); # The thing you want to match on

for my $i (0 .. $#file) { # For each element in the array (each line) 
    print "$file[$i+1]" if ($file[$i] =~ /$match/); # Print the next line if the current line matches your match variable
}

输出:

'/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/141163.php'
'/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/images/120541.php'
'/home/avocatma/public_html/raul/mambo/administrator/components/com_mynetwork/language/200724.php'
'/home/avocatma/public_html/raul/mambo/components/com_mynetwork/228469.php'
于 2013-10-10T12:56:56.883 回答
0

你尝试了什么?

您始终可以将前一行保留在变量中,并且仅当前一行与“您想要的”匹配时才打印当前行。

在脚本中,它可能类似于:

my $file, $line, $preline;
open($file, "<", "your_file") || die "can't open $file\n";
while (<>) {
    $preline = $line;
    $line = $_;
    if ($preline =~ /what_you_want/) {
        print $line;
    }
}

我希望它有助于编写第一次尝试。除了这些代码行,别忘了使用“strict”和“warnings”!;-)

于 2013-10-10T13:10:17.663 回答