2

我希望以下正则表达式代码返回 IP 地址的输出,而不从源文件返回其他数值作为 IP。

编码:

import re

logdata = 146.204.224.152 - feest6811 [21/Jun/2019:15:45:24 -0700] "POST /incentivize HTTP/1.1" 302 4622
for item in re.finditer("(?P<host>[\d.]+)", logdata):
    print(item.groupdict())

所需输出:

{'host': '146.204.224.152'}

不需要的输出:

{'host': '6811'}
4

2 回答 2

1

我认为应该这样做:

(?P<host>(\d+\.){3}\d+)
于 2021-03-26T21:53:13.710 回答
1

利用

import re
logdata = r'146.204.224.152 - feest6811 [21/Jun/2019:15:45:24 -0700] "POST /incentivize HTTP/1.1" 302 4622'
for item in re.finditer(r"\b(?P<host>(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3})\b", logdata):
    print(item.groupdict())

请参阅Python 证明

结果{'host': '146.204.224.152'}

请参阅使用 regex 从字符串中提取 ip 地址

像您一样从日志行中获取host和获取:time

import re
logdata = r'146.204.224.152 - feest6811 [21/Jun/2019:15:45:24 -0700] "POST /incentivize HTTP/1.1" 302 4622'
match_data = re.search(r'^(?P<host>\S+).*?\[(?P<time>.*?)]', logdata)
if match_data:
    print(match_data.groupdict())

请参阅Python 证明

解释

--------------------------------------------------------------------------------
  ^                        the beginning of the string
--------------------------------------------------------------------------------
  (?P<host>                  group and capture to (?P=host):
--------------------------------------------------------------------------------
    \S+                      non-whitespace (all but \n, \r, \t, \f,
                             and " ") (1 or more times (matching the
                             most amount possible))
--------------------------------------------------------------------------------
  )                        end of (?P=host)
--------------------------------------------------------------------------------
  .*?                      any character except \n (0 or more times
                           (matching the least amount possible))
--------------------------------------------------------------------------------
  \[                       '['
--------------------------------------------------------------------------------
  (?P<time>                  group and capture to (?P=time):
--------------------------------------------------------------------------------
    .*?                      any character except \n (0 or more times
                             (matching the least amount possible))
--------------------------------------------------------------------------------
  )                        end of (?P=time)
--------------------------------------------------------------------------------
  ]                        ']'
于 2021-03-26T22:22:59.900 回答