正则表达式,用于提取日志中的异常WEB请求的来源IP地址 2022-5-27

发表评论

段落1、WEB异常日志分析

WEB日志里面,很多异常

用正则表达式,提取日志中的,异常请求日志,把来源IP地址都提取出来

段落2、代码,python3

#!/usr/bin/python3
# -*- coding:utf-8 -*-
import re

pttn_ssl_crit = ", client: (\d{0,3}\.\d{0,3}\.\d{0,3}\.\d{0,3}), server: 0.0.0.0:443"

s = """
2022/05/27 05:57:08 [crit] 22177#22177: *1505702 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.221.194, server: 0.0.0.0:443
2022/05/27 05:58:12 [crit] 22177#22177: *1505686 SSL_shutdown() failed (SSL: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry) while closing request, client: 42.185.73.106, server: 0.0.0.0:443
2022/05/27 12:35:25 [crit] 22177#22177: *1539457 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 64.62.197.122, server: 0.0.0.0:443
2022/05/27 12:37:56 [crit] 22177#22177: *1539653 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 125.80.138.80, server: 0.0.0.0:443
2022/05/27 14:41:39 [crit] 22177#22177: *1553119 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 154.89.5.85, server: 0.0.0.0:443
2022/05/27 15:22:47 [crit] 22177#22177: *1557066 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 37.252.255.135, server: 0.0.0.0:443
"""

print(re.findall(pttn_ssl_crit,s))
输出:

['192.241.221.194', '42.185.73.106', '64.62.197.122', '125.80.138.80', '154.89.5.85', '37.252.255.135']

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注