我找不到适合我要标识的元素的正则表达式
我要分析的日志文件示例:
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177
我想找到正则表达式来检测这种样式的行:
[20190625-11:47:51] [INFO ] A connection received from: ::ffff:192.168.1.32 port 55737
我已经测试过failregex = ^.*ffff:<HOST> port *$
Not ok
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 6 lines, 0 ignored, 0 matched, 6 missed
[processed in 0.01 sec]
|- Missed line(s):
| [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
| [20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
| [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
| [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
| [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
| [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177
答案 0 :(得分:0)
我不太确定,只是猜测我们可能想要一个类似于以下内容的表达式:
(\[[0-9]{8}.+?A connection received from: ::ffff:.+?port\s+[0-9]+)
带有s标志。