我的TCL脚本:
set line {
Jul 24 21:06:40 2014: %AUTH-6-INFO: login[1765]: user 'admin' on 'pts/1' logged
Jul 24 21:05:15 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.58.net. Flow: 0x2
Jul 24 21:04:39 2014: %DATAPLANE-5-: Unrecognized HTTP URL static.58.com. Flow:
Jul 24 21:04:38 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.google-analytics.com. Flow: 0x2265394048.
Jul 24 21:04:36 2014: %DATAPLANE-5-: Unrecognized HTTP URL track.58.co.in. Flow: 0
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.google.co.in. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.google.co.in. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test1. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.google.com. Flow: 0x87073880
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.edgecastcdn.net in dns_hash_table
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.facebook.com. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.fb.com. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:05:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.facebook.com. Flow: 0x87073880
Jul 24 21:05:39 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.facebook.net in dns_hash_table
}
set urls [list]
foreach item [regexp -all -inline {Client[ ]Hello[ ]ServerName\s+\S+} $line] {
lappend urls [lindex $item 1]
}
#puts $res
set s "*****************************************************"
set f {}
set f [open output.txt a]
if {$f ne {}} {
foreach url $urls {
chan puts $f $url
}
chan puts $f $s
chan close $f
}
我正在尝试打印" Client Hello ServerName"之后出现的字符。在$line。我需要匹配精确的"客户端Hello ServerName"并在regexp中使用它来获取输出。我试过了Client[ ]Hello[ ]ServerName。但它不起作用。
输出应该是" www.google.co.in。 www.fb.com&#34。在output.txt文件中。
答案 0 :(得分:2)
您可以使用大括号()在 Client Hello ServerName 之后捕获字符串,例如:
foreach {dummy item} [regexp -all -inline {Client Hello ServerName\s+(\S+)} $line] {
lappend urls $item
}
答案 1 :(得分:1)
在此尝试测试您的知识和模式:https://www.debuggex.com/ 它非常适合学习和检查你是否得到了你想要的东西。
尽管如此:
set pattern {^.*Client Hello ServerName\s+(.*)\s+Flow.*$}
foreach element $line {
set result [regexp $pattern $element match url]
if {$url} {
lappend urls $url
}
}
()会匹配您想要的模式。使用' 。* '它是一种简单的方法来查看匹配是什么,添加一个模式可以使它更容易思考。
如果regexp匹配则$ result = 1,否则$ return = 0;如果匹配发生,则将url匹配添加到网址。
找到有关tcl regexp的更多信息