I'm trying to parse a log that contains lines like the following:
2018-11-03 11:52:00,563 WARN [ImapSSLServer-133] [ip=192.168.8.76;oip=123.123.123.123;via=192.168.8.76(nginx/1.7.1);ua=Zimbra/8.8.9_GA_3019;cid=1734;] security - cmd=Auth; account=username@example.com; protocol=imap; error=authentication failed for [username@example.com], invalid password;
I'm trying to understand how to extract the following information from a line like this:
- oip
- account
Code so far:
#!/usr/bin/env python3
import re

# Failed-authentication counters, one per protocol
imap_failed = 0
pop_failed = 0
http_failed = 0
smtp_failed = 0
soap_failed = 0

with open("/home/sebas/audit.log", "r") as file:
    for line in file:
        # Only lines that report an invalid password are counted
        if "invalid" in line:
            if "protocol=imap" in line:
                imap_failed += 1
            if "protocol=pop" in line:
                pop_failed += 1
            if "protocol=http" in line:
                http_failed += 1
            if "oproto=smtp" in line:
                smtp_failed += 1
            if "protocol=soap" in line:
                soap_failed += 1
Thanks!
Answer 0 (score: 1)
You can use positive lookbehind (?<=...):
re.search(r"(?<=oip=)([\d\.]+)",line).group()
Out: '123.123.123.123'
re.search(r"(?<=account=)([^;]+)",line).group()
Out: 'username@example.com'
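An added example, not part of the original question or answer: it reads every key=value field of a failed-authentication line and tallies failures per oip and per account, which is the view needed to spot password guessing from one source. It goes beyond the answer's two patterns so that an IPv6 oip is kept whole and a line without oip does not raise; the sample lines are constructed in the question's format, and `first_fields`, `parse_line` and `tally_failures` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in the question's format (not real log data).
SAMPLE_LOG = """\
2018-11-03 11:52:00,563 WARN [ImapSSLServer-133] [ip=192.168.8.76;oip=123.123.123.123;via=192.168.8.76(nginx/1.7.1);ua=Zimbra/8.8.9_GA_3019;cid=1734;] security - cmd=Auth; account=username@example.com; protocol=imap; error=authentication failed for [username@example.com], invalid password;
2018-11-03 11:52:04,101 WARN [ImapSSLServer-134] [ip=192.168.8.76;oip=123.123.123.123;via=192.168.8.76(nginx/1.7.1);ua=Zimbra/8.8.9_GA_3019;cid=1735;] security - cmd=Auth; account=other@example.com; protocol=imap; error=authentication failed for [other@example.com], invalid password;
2018-11-03 11:53:10,007 WARN [Pop3SSLServer-12] [ip=192.168.8.76;oip=2001:db8::5;cid=1740;] security - cmd=Auth; account=username@example.com; protocol=pop3; error=authentication failed for [username@example.com], invalid password;
2018-11-03 11:54:00,000 INFO [ImapSSLServer-135] [ip=192.168.8.76;cid=1741;] security - cmd=Auth; account=username@example.com; protocol=imap;
"""

# The "[ip=...;oip=...;]" context block sits right before "security -".
LINE_RE = re.compile(r"\[(?P<ctx>[^\]]*)\] security - (?P<body>.*)")
FIELD_RE = re.compile(r"(\w+)=([^;]*);")

def first_fields(text):
    # reversed() makes the first occurrence of a key win, so a later copy
    # inside client-influenced text (e.g. the error field) cannot override it.
    return dict(reversed(FIELD_RE.findall(text)))

def parse_line(line):
    """Return oip/account/protocol for a failed login, else None."""
    m = LINE_RE.search(line)
    if not m or "invalid password" not in m.group("body"):
        return None
    ctx, body = first_fields(m.group("ctx")), first_fields(m.group("body"))
    return {"oip": ctx.get("oip"), "account": body.get("account"),
            "protocol": body.get("protocol")}

def tally_failures(lines):
    """Count failed logins per originating IP and per account."""
    by_oip, by_account = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        by_oip[rec["oip"] or "(no oip)"] += 1
        by_account[rec["account"] or "(no account)"] += 1
    return by_oip, by_account

if __name__ == "__main__":
    by_oip, by_account = tally_failures(SAMPLE_LOG.splitlines())
    for name, counts in (("oip", by_oip), ("account", by_account)):
        for value, n in counts.most_common():
            print(f"{name}={value} failed={n}")
```

One oip failing against several different accounts, as in the first two sample lines, is the pattern worth alerting on.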