我有一根绳子
Jun 11 02:47:04 webwork-tlv tcp: 2013-06-11 02:47:04 - ive - [84.11.11.11] hacker(Secure ID)[Manage System] - Host Checker policy 'Machine center' passed on host 84.11.11.11 for user 'hacker'
一些绳子看起来像那样
Jun 11 00:13:26 webwork-tlv tcp: 2013-06-11 00:13:25 - ive - [10.11.12.19] hacker(Secure ID)[Manage System] - Sensor tlv-entid-001 - timestamp=[Tue Jun 11 02:23:42 2013 ] severity=[4] policyStr=[IDP 20110132] category=[attack] protocol=[tcp] attackStr=[HTTP:XSS:HTML-SCRIPT-IN-URL-VA] rulebaseStr=[IDS] rulebaseType=[Main Rule Base] srcAddr=[10.11.12.19] srcPort=[3333] dstAddr=[66.11.12.13] dstPort=[80] action=[drop] policyVersion=[41] ruleNumber=[3]
我想在开始提取日期,ip在[]之间,但是如果是内部ip(从10或192开始)则无需提取和id黑客之前(SecureID)
所以结果应该是ip:84.11.11.11,id:hacker
先谢谢你
有点乏味,但是:
相关问题 更多 >
编程相关推荐