我在理解以下正则表达式时遇到问题:
regexp="(?P<date>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2})\S+\s(?P<proto>\w+)\S+\s(?P<sid>\S)\s+(? P<sip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\s+(?P<sport>\d+))?\s+(?P<dip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:)?\s(?P<dport>\d+)((:)?\s+(?P<info>\S+\s\S+)\s+\[(?P<comment>.*)\])?"
0或1
日期= {normalize_date($日期)}
plugin_sid = {翻译($ SID)}
src_ip = {$ SIP}
src_port = {$}运动
dst_ip = {$浸}
dst_port = {$ DPORT}
协议= {$原}
userdata1 = {$资讯}
userdata2 = {$}评论
什么是?P代表什么?有人可以通过拼写逻辑来帮助我理解这个怪物吗?
答案 0 :(得分:4)
(?P...)是named group。
哦,(? P<sip>可能无效(我不认为那里有空格)。
如果您有任何其他问题, this 是解释正则表达式的有用资源,但它不适用于(?P...)。
没有命名组的正则表达式的解释(所以只需将“group and capture to the 1”替换为“group并捕获到'date'”作为第一个,依此类推)(link):
NODE EXPLANATION
--------------------------------------------------------------------------------
( group and capture to \1:
--------------------------------------------------------------------------------
\d{4} digits (0-9) (4 times)
--------------------------------------------------------------------------------
- '-'
--------------------------------------------------------------------------------
\d{2} digits (0-9) (2 times)
--------------------------------------------------------------------------------
- '-'
--------------------------------------------------------------------------------
\d{2} digits (0-9) (2 times)
--------------------------------------------------------------------------------
- '-'
--------------------------------------------------------------------------------
\d{2} digits (0-9) (2 times)
--------------------------------------------------------------------------------
: ':'
--------------------------------------------------------------------------------
\d{2} digits (0-9) (2 times)
--------------------------------------------------------------------------------
: ':'
--------------------------------------------------------------------------------
\d{2} digits (0-9) (2 times)
--------------------------------------------------------------------------------
) end of \1
--------------------------------------------------------------------------------
\S+ non-whitespace (all but \n, \r, \t, \f,
and " ") (1 or more times (matching the
most amount possible))
--------------------------------------------------------------------------------
\s whitespace (\n, \r, \t, \f, and " ")
--------------------------------------------------------------------------------
( group and capture to \2:
--------------------------------------------------------------------------------
\w+ word characters (a-z, A-Z, 0-9, _) (1 or
more times (matching the most amount
possible))
--------------------------------------------------------------------------------
) end of \2
--------------------------------------------------------------------------------
\S+ non-whitespace (all but \n, \r, \t, \f,
and " ") (1 or more times (matching the
most amount possible))
--------------------------------------------------------------------------------
\s whitespace (\n, \r, \t, \f, and " ")
--------------------------------------------------------------------------------
( group and capture to \3:
--------------------------------------------------------------------------------
\S non-whitespace (all but \n, \r, \t, \f,
and " ")
--------------------------------------------------------------------------------
) end of \3
--------------------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1 or
more times (matching the most amount
possible))
--------------------------------------------------------------------------------
( group and capture to \4:
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
\. '.'
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
\. '.'
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
\. '.'
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
) end of \4
--------------------------------------------------------------------------------
( group and capture to \5 (optional
(matching the most amount possible)):
--------------------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1
or more times (matching the most amount
possible))
--------------------------------------------------------------------------------
( group and capture to \6:
--------------------------------------------------------------------------------
\d+ digits (0-9) (1 or more times
(matching the most amount possible))
--------------------------------------------------------------------------------
) end of \6
--------------------------------------------------------------------------------
)? end of \5 (NOTE: because you are using a
quantifier on this capture, only the LAST
repetition of the captured pattern will be
stored in \5)
--------------------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1 or
more times (matching the most amount
possible))
--------------------------------------------------------------------------------
( group and capture to \7:
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
\. '.'
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
\. '.'
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
\. '.'
--------------------------------------------------------------------------------
\d{1,3} digits (0-9) (between 1 and 3 times
(matching the most amount possible))
--------------------------------------------------------------------------------
) end of \7
--------------------------------------------------------------------------------
( group and capture to \8 (optional
(matching the most amount possible)):
--------------------------------------------------------------------------------
: ':'
--------------------------------------------------------------------------------
)? end of \8 (NOTE: because you are using a
quantifier on this capture, only the LAST
repetition of the captured pattern will be
stored in \8)
--------------------------------------------------------------------------------
\s whitespace (\n, \r, \t, \f, and " ")
--------------------------------------------------------------------------------
( group and capture to \9:
--------------------------------------------------------------------------------
\d+ digits (0-9) (1 or more times (matching
the most amount possible))
--------------------------------------------------------------------------------
) end of \9
--------------------------------------------------------------------------------
( group and capture to \10 (optional
(matching the most amount possible)):
--------------------------------------------------------------------------------
( group and capture to \11 (optional
(matching the most amount possible)):
--------------------------------------------------------------------------------
: ':'
--------------------------------------------------------------------------------
)? end of \11 (NOTE: because you are using
a quantifier on this capture, only the
LAST repetition of the captured pattern
will be stored in \11)
--------------------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1
or more times (matching the most amount
possible))
--------------------------------------------------------------------------------
( group and capture to \12:
--------------------------------------------------------------------------------
\S+ non-whitespace (all but \n, \r, \t,
\f, and " ") (1 or more times
(matching the most amount possible))
--------------------------------------------------------------------------------
\s whitespace (\n, \r, \t, \f, and " ")
--------------------------------------------------------------------------------
\S+ non-whitespace (all but \n, \r, \t,
\f, and " ") (1 or more times
(matching the most amount possible))
--------------------------------------------------------------------------------
) end of \12
--------------------------------------------------------------------------------
\s+ whitespace (\n, \r, \t, \f, and " ") (1
or more times (matching the most amount
possible))
--------------------------------------------------------------------------------
\[ '['
--------------------------------------------------------------------------------
( group and capture to \13:
--------------------------------------------------------------------------------
.* any character except \n (0 or more
times (matching the most amount
possible))
--------------------------------------------------------------------------------
) end of \13
--------------------------------------------------------------------------------
\] ']'
--------------------------------------------------------------------------------
)? end of \10 (NOTE: because you are using a
quantifier on this capture, only the LAST
repetition of the captured pattern will be
stored in \10)