Question

我试图在2秒内在我的日志文件中捕获3个或更多字符串。考试

213.240.206.92 - - [22/Apr/2018:16:47:50 +0300] "POST /?wc-ajax=get_refreshed_fragments HTTP/2.0" 200 6295 "https://localhost/shop/peach/corral/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
213.240.206.92 - - [22/Apr/2018:16:47:51 +0300] "POST /?wc-ajax=get_refreshed_fragments HTTP/2.0" 200 6295 "https://localhost/shop/peach/black/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
213.240.206.92 - - [22/Apr/2018:16:47:52 +0300] "POST /?wc-ajax=get_refreshed_fragments HTTP/2.0" 200 6295 "https://localhost/shop/m/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
213.240.206.92 - - [22/Apr/2018:16:47:59 +0300] "POST /?wc-ajax=get_refreshed_fragments HTTP/2.0" 200 6295 "https://localhost/shop/choko/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"

在上面的情况下，我需要捕获前三个字符串，因为它有2秒的间隔，但不是第4，因为它与之前的间隔为3秒。我只能使用

捕获一个字符串

^<HOST> - .*"POST /\?wc-ajax=get_refreshed_fragments HTTP/2\.0"

但它不适合多线。

^<HOST> -.*"POST /\?wc-ajax=get_refreshed_fragments HTTP/2\.0".*\s.*"POST /\?wc-ajax=get_refreshed_fragments HTTP/2\.0".*\s.*"POST /\?wc-ajax=get_refreshed_fragments HTTP/2\.0"

如何在6秒内捕获3个字符串？
我是否需要正确的正则表达式，或者我能够使用我唯一正在运行的正则表达式并放入jail.conf

maxretry = 3

findtime = 6

正则表达式在6秒内捕获3个字符串

0 个答案: