I'm trying to capture a line that has both an IP range match and an exact word match, but it still fails on the word match.
Input:
<14>1 2017-02-02T13:53:08.557Z dfb803-FW-1a RT_GO - RT_GO_SESSION_CLOSE [debian@333.39 reason="TCP CLIENT
RST" source-address="111.222.98.71" source-port="57927" destination-address="30.200.03.00" destination-port="333" servi
ce-name="debian-https" nat-source-address="111.222.98.71" nat-source-port="34534" nat-destination-address="xx.xxx.xx.194"
nat-destination-port="343" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N
/A" protocol-id="3" policy-name="51" source-zone-name="Local" destination-zone-name="Local" session-id-32="53300" packet
s-from-client="333" bytes-from-client="43" packets-from-server="14" bytes-from-server="7511" elapsed-time="92" applicat
ion="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="xxx.31" encrypted="UN
KNOWN"]
I can match the IP range successfully:
source-address="111\.222\.98\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))"
But when I add a match for "dfb803-FW-1a", it keeps failing:
(.*dfb803-FW-1a.*) source-address="111\.222\.98\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))"
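
One way to apply both conditions without a single combined regex, as an added example that is not part of the original post: parse the hostname from the syslog header and the `source-address` key from the key="value" pairs, then test the address against the range. It assumes each record arrives as one unwrapped line in the layout shown above; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Header layout as in the sample: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME ...
HEADER = re.compile(r'^<\d+>\d+ \S+ (?P<host>\S+) ')
# key="value" pairs; the key is captured whole, so "nat-source-address"
# is never mistaken for "source-address".
PAIR = re.compile(r'([\w-]+)="([^"]*)"')


def matches(line, host="dfb803-FW-1a", network="111.222.98.0/24"):
    """True when the hostname field equals `host` exactly and the
    source-address value lies inside `network`."""
    header = HEADER.match(line)
    if header is None or header.group("host") != host:
        return False
    fields = dict(PAIR.findall(line))
    try:
        source = ipaddress.ip_address(fields.get("source-address", ""))
    except ValueError:  # missing key or malformed address
        return False
    return source in ipaddress.ip_network(network)


# Constructed sample lines (shortened from the record in the post).
PREFIX = ('<14>1 2017-02-02T13:53:08.557Z {host} RT_GO - RT_GO_SESSION_CLOSE '
          '[debian@333.39 reason="TCP CLIENT RST" ')
SAMPLES = {
    "hit": PREFIX.format(host="dfb803-FW-1a")
    + 'source-address="111.222.98.71" nat-source-address="111.222.98.71"]',
    "other_host": PREFIX.format(host="xdfb803-FW-1a-test")
    + 'source-address="111.222.98.71" nat-source-address="111.222.98.71"]',
    "nat_only": PREFIX.format(host="dfb803-FW-1a")
    + 'source-address="10.0.0.5" nat-source-address="111.222.98.71"]',
    "bad_octet": PREFIX.format(host="dfb803-FW-1a")
    + 'source-address="111.222.98.300" nat-source-address="10.0.0.5"]',
}


def run_samples():
    """Evaluate every constructed sample and return name -> bool."""
    return {name: matches(line) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name}: {result}")
```

The `nat_only` sample shows why the key is parsed whole: an unanchored `source-address="111\.222\.98\....` pattern also matches inside `nat-source-address="..."`.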