求日志匹配正则
时间:2010-08-20
来源:互联网
本帖最后由 LMUser 于 2010-08-20 12:54 编辑
58.251.166.12 [19/Aug/2010:23:59:05 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-07-30" 200 "" ""
115.232.16.62 [19/Aug/2010:23:59:13 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-10" 200 "" ""
120.193.201.30 [19/Aug/2010:23:59:25 +0800] "/e.st?e_cd=N5&uid=1901543&send_date=2010-08-19" 200 "" ""
221.221.129.86 [19/Aug/2010:23:59:30 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-09" 200 "" ""
61.49.54.119 [19/Aug/2010:23:59:31 +0800] "/e.st?e_cd=T16&uid=611179&send_date=2010-06-27" 200 "" ""
58.250.89.98 [19/Aug/2010:23:59:31 +0800] "/e.st?e_cd=T16&uid=382869&send_date=2010-05-29" 200 "" ""
120.193.201.30 [19/Aug/2010:23:59:32 +0800] "/e.st?e_cd=[N5]&uid=1901543" 200 "" ""
58.34.217.126 [19/Aug/2010:23:59:36 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-19" 200 "" ""
180.155.231.176 [19/Aug/2010:23:59:36 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-11" 200 "" ""
120.32.237.48 [19/Aug/2010:23:59:38 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-07-18" 200 "" ""
结果就是匹配 e_cd=dm_9_g10_tp& 红色标注这两个位置的值;
[root@WEB1 st.dajie.com]# head -10 email_access.log | perl -e 'while(<>) { /^[^"]+"\/..st\?(e_cd|e_cat)=([^&]+)&/; print "$1\t$2\t\n";}' | more
e_cd dm_9_g10_tp
e_cd dm_9_g10_tp
e_cd N5
e_cd dm_9_g10_tp
e_cd T16
e_cd T16
e_cd [N5]
e_cd dm_9_g10_tp
e_cd dm_9_g10_tp
e_cd dm_9_g10_tp
有一个问题,在 e_cd=[N5]& 中N5的值,如果匹配,应该把[]过滤掉;
58.251.166.12 [19/Aug/2010:23:59:05 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-07-30" 200 "" ""
115.232.16.62 [19/Aug/2010:23:59:13 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-10" 200 "" ""
120.193.201.30 [19/Aug/2010:23:59:25 +0800] "/e.st?e_cd=N5&uid=1901543&send_date=2010-08-19" 200 "" ""
221.221.129.86 [19/Aug/2010:23:59:30 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-09" 200 "" ""
61.49.54.119 [19/Aug/2010:23:59:31 +0800] "/e.st?e_cd=T16&uid=611179&send_date=2010-06-27" 200 "" ""
58.250.89.98 [19/Aug/2010:23:59:31 +0800] "/e.st?e_cd=T16&uid=382869&send_date=2010-05-29" 200 "" ""
120.193.201.30 [19/Aug/2010:23:59:32 +0800] "/e.st?e_cd=[N5]&uid=1901543" 200 "" ""
58.34.217.126 [19/Aug/2010:23:59:36 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-19" 200 "" ""
180.155.231.176 [19/Aug/2010:23:59:36 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-08-11" 200 "" ""
120.32.237.48 [19/Aug/2010:23:59:38 +0800] "/e.st?e_cd=dm_9_g10_tp&[email protected]&send_date=2010-07-18" 200 "" ""
结果就是匹配 e_cd=dm_9_g10_tp& 红色标注这两个位置的值;
[root@WEB1 st.dajie.com]# head -10 email_access.log | perl -e 'while(<>) { /^[^"]+"\/..st\?(e_cd|e_cat)=([^&]+)&/; print "$1\t$2\t\n";}' | more
e_cd dm_9_g10_tp
e_cd dm_9_g10_tp
e_cd N5
e_cd dm_9_g10_tp
e_cd T16
e_cd T16
e_cd [N5]
e_cd dm_9_g10_tp
e_cd dm_9_g10_tp
e_cd dm_9_g10_tp
有一个问题,在 e_cd=[N5]& 中N5的值,如果匹配,应该把[]过滤掉;
作者: LMUser 发布时间: 2010-08-20
难道是太简单?
作者: LMUser 发布时间: 2010-08-20
要去掉 [] 的话,可以用下面的这个。你的正则里面并没有去掉[]的部分啊。
复制代码
- head -10 email_access.log |perl -e 'while(<>){/^[^"]+"\/..st\?(e_cd|e_cat)=\[?([^&]+?)\]?\&/;print "$1\t$2\t\n";}'
作者: heut2009 发布时间: 2010-08-20
perl -nale 'print "$1 $2" if $F[3] =~ /(e_cd|e_cat)=\[?([^&]+?)\]?\&/' email_access.log
作者: iakuf 发布时间: 2010-08-20
相关阅读 更多
热门阅读
-
office 2019专业增强版最新2021版激活秘钥/序列号/激活码推荐 附激活工具
阅读:74
-
如何安装mysql8.0
阅读:31
-
Word快速设置标题样式步骤详解
阅读:28
-
20+道必知必会的Vue面试题(附答案解析)
阅读:37
-
HTML如何制作表单
阅读:22
-
百词斩可以改天数吗?当然可以,4个步骤轻松修改天数!
阅读:31
-
ET文件格式和XLS格式文件之间如何转化?
阅读:24
-
react和vue的区别及优缺点是什么
阅读:121
-
支付宝人脸识别如何关闭?
阅读:21
-
腾讯微云怎么修改照片或视频备份路径?
阅读:28
