我目前正在开发PowerShell脚本,通过读取VPN服务器的事件日志来分析VPN流量。
我正在使用WMI检索相关的事件条目和正则表达式来提取用户名,流量等信息。事件消息显然包含换行符,我似乎无法通过我的表达式匹配
示例:
The user MYDOMAIN\CHARLY connected on port VPN3-18 on 04.07.2009 at 23:19 and disconnected on 05.07.2009 at 00:03. The user was active for 43 minutes 55 seconds. 886949 bytes were sent and 195113 bytes were received. The reason for disconnecting was user request.
这是我的表达:
The user (?<user>\w*\\\w*) connected on port (?<port>\w*-\w*) on (?<connectdate>\w*.\w*.\w*) at (?<connecttime>\w*:\w*) and disconnected on'n(?<disconnectdate>\w*.\w*.\w*) at (?<disconnecttime>\w*:\w*). The user was active for (?<activeminutes>\w*) minutes (?<activeseconds>\w*) seconds. (?<bytessent>\w*) bytes'nwere sent and (?<bytesreceived>\w*) bytes were received. The'nreason for disconnecting was user request.
现在我不知道还有什么可以尝试,所以我们非常感谢任何帮助。
答案 0 :(得分:3)
换行符与\ s(空格)匹配。尝试测试正则表达式的位并构建它。
有关正则表达式的帮助,请尝试
get-help about_regular_expression
答案 1 :(得分:1)
注意,要获得对正则表达式的最大控制,请实例化[regex](System.Text.RegularExpressions.Regex的PSH快捷方式)。这样,您就可以访问RegexOptions枚举,以提供-match所做的更多控制。
E.g。
$r1 = [regex]"Foo\s*bar"
$r2 = New-Object "System.Text.RegularExpressions.Regex" "Foo\s*bar",[System.Text.RegularExpressions.RegexOptions]::IgnorePatternWhitespace
(在最后一种情况下,该选项允许忽略文字空格(包括换行符),在构建复杂表达式时很有用。)
This page提供了受支持的字符类的详细信息:\ s匹配:
匹配任何空白字符。等同于转义序列和Unicode常规类别
[\f\n\r\t\v\x85\p{Z}]。