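Exclude lines matching a condition using a regular expression

Date: 2014-09-04 17:04:07

Tags: regex

I want to use a regexp to exclude the lines with the address 10.0.0.2 from the output below.

My command: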

cat /var/log/secure | egrep '\s+sshd\[[[:digit:]]+\]: Failed password for (invalid user )?nessus from \S+'

Output:

Aug 28 09:58:18 server34 sshd[13567]: Failed password for invalid user nessus from 10.0.0.4 port 33254 ssh2
Aug 28 09:58:57 server34 sshd[13577]: Failed password for invalid user nessus from 10.0.0.4 port 33366 ssh2
Aug 28 10:01:09 server34 sshd[13854]: Failed password for invalid user nessus from 10.0.0.4 port 33841 ssh2
Aug 28 10:01:30 server34 sshd[13932]: Failed password for invalid user nessus from 10.0.0.4 port 34074 ssh2
Aug 28 10:01:48 server34 sshd[13957]: Failed password for invalid user nessus from 10.0.0.4 port 36108 ssh2
Aug 28 10:01:50 server34 sshd[13959]: Failed password for invalid user nessus from 10.0.0.4 port 36540 ssh2
Aug 29 03:29:11 server34 sshd[7461]: Failed password for invalid user nessus from 10.0.0.2 port 46375 ssh2
Aug 29 03:29:54 server34 sshd[7475]: Failed password for invalid user nessus from 10.0.0.2 port 34047 ssh2
Aug 29 03:31:51 server34 sshd[8335]: Failed password for invalid user nessus from 10.0.0.2 port 47509 ssh2
Aug 29 03:31:58 server34 sshd[8355]: Failed password for invalid user nessus from 10.0.0.2 port 48692 ssh2
Aug 29 03:32:42 server34 sshd[8423]: Failed password for invalid user nessus from 10.0.0.2 port 54580 ssh2
Aug 29 03:32:49 server34 sshd[8425]: Failed password for invalid user nessus from 10.0.0.2 port 55557 ssh2

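I want to stick with regexp (in its current format), because that is what SCOM uses when it scans log files on Linux.

1 answer:

Answer 0: (score: 1)

You can remove the useless cat and use another grep -v to exclude: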

egrep '\s+sshd\[[[:digit:]]+\]: Failed password for (invalid user )?nessus from' /var/log/secure | \
 grep -F -v '10.0.0.2' 

To do this with a single grep:

grep -P '(?!.*?10\.0\.0\.2)\s+sshd\[[[:digit:]]+\]: Failed password for (invalid user )?nessus from \S+' file

Aug 28 09:58:18 server34 sshd[13567]: Failed password for invalid user nessus from 10.0.0.4 port 33254 ssh2
Aug 28 09:58:57 server34 sshd[13577]: Failed password for invalid user nessus from 10.0.0.4 port 33366 ssh2
Aug 28 10:01:09 server34 sshd[13854]: Failed password for invalid user nessus from 10.0.0.4 port 33841 ssh2
Aug 28 10:01:30 server34 sshd[13932]: Failed password for invalid user nessus from 10.0.0.4 port 34074 ssh2
Aug 28 10:01:48 server34 sshd[13957]: Failed password for invalid user nessus from 10.0.0.4 port 36108 ssh2
Aug 28 10:01:50 server34 sshd[13959]: Failed password for invalid user nessus from 10.0.0.4 port 36540 ssh2
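
An added example, not part of the original question or answer: it compares the substring exclusion used in the answer with an exclusion tied to the "from <ip> port" field, so that failed logins from neighbouring addresses such as 10.0.0.20 are not filtered out along with 10.0.0.2. The log lines are constructed and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample lines in the /var/log/secure format shown above.
sample_log() {
cat <<'EOF'
Aug 28 09:58:18 server34 sshd[13567]: Failed password for invalid user nessus from 10.0.0.4 port 33254 ssh2
Aug 29 03:29:11 server34 sshd[7461]: Failed password for invalid user nessus from 10.0.0.2 port 46375 ssh2
Aug 29 04:10:02 server34 sshd[9001]: Failed password for nessus from 10.0.0.20 port 40100 ssh2
Aug 29 04:11:40 server34 sshd[9014]: Failed password for invalid user nessus from 110.0.0.2 port 40222 ssh2
Aug 29 04:12:05 server34 sshd[9020]: Accepted password for admin from 10.0.0.4 port 40300 ssh2
EOF
}

# Base match from the question, written with POSIX classes instead of \s and \S.
BASE='[[:space:]]+sshd\[[[:digit:]]+\]: Failed password for (invalid user )?nessus from [^[:space:]]+'

# Exclusion as in the answer: a fixed substring, so 10.0.0.20 and 110.0.0.2
# are dropped together with 10.0.0.2.
filter_substring() {
    grep -E "$BASE" | grep -F -v '10.0.0.2'
}

# Exclusion tied to the "from <ip> port" field: only the exact address is dropped.
filter_anchored() {
    grep -E "$BASE" | grep -E -v ' from 10\.0\.0\.2 port '
}

# Single-expression form: the negative lookahead sits at the address field
# and requires whitespace after the address (needs a grep with -P support).
filter_single() {
    grep -P '\s+sshd\[\d+\]: Failed password for (invalid user )?nessus from (?!10\.0\.0\.2\s)\S+'
}

echo "substring exclusion keeps: $(sample_log | filter_substring | wc -l) line(s)"
echo "anchored exclusion keeps:  $(sample_log | filter_anchored | wc -l) line(s)"
```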