python - 使用 Python 从字符串中提取 IP

Question

我刚刚看了一下正则表达式，我有点困惑。我编写了一个程序，可以实时逐行分析“auth.log”文件。现在我需要条目中的不同信息。

if "sshd" in line
    if "Accepted password" in line
        REGEX Query to get the username and ip
    elif "session closed" in line
        REGEX Query to get the username

这是日志文件中的条目:

Nov 29 13:20:33 Debian sshd[4043]: Accepted password for patrick from ::1 port 50864 ssh2
Nov 29 13:20:33 Debian sshd[4043]: pam_unix(sshd:session): session opened for user patrick by (uid=0)
Nov 29 13:21:23 Debian sshd[4043]: pam_unix(sshd:session): session closed for user patrick

我应该选择哪个工具来执行此操作？研究？

Answer 1

由于日志条目采用强格式，您可能不需要使用正则表达式:

$ cat t.txt 
Nov 29 13:20:33 Debian sshd[4043]: Accepted password for patrick from ::1 port 50864 ssh2
Nov 29 13:20:33 Debian sshd[4043]: pam_unix(sshd:session): session opened for user patrick by (uid=0)
Nov 29 13:21:23 Debian sshd[4043]: pam_unix(sshd:session): session closed for user patrick
$ cat t.py 
#/usr/bin/env python
for line in open('t.txt'):
    if "sshd" in line:
        if "Accepted password" in line:
            print "User: ", line.split()[8]
            print "IP: ", line.split()[10]
        if "session closed" in line:
            print "User: ", line.split()[10]
$ python t.py 
User:  patrick
IP:  ::1
User:  patrick

当然，您需要更加小心像 if "sshd"in line: 这样的行，但您明白了。