当前位置: 移动技术网 > 科技>操作系统>Linux > grok正则

grok正则

2018年10月30日  | 移动技术网科技  | 我要评论

username [a-za-z0-9._-]+

user %{username}

int (?:[+-]?(?:[0-9]+))

base10num (?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\.[0-9]+)?)|(?:\.[0-9]+)))

number (?:%{base10num})

base16num (?<![0-9a-fa-f])(?:[+-]?(?:0x)?(?:[0-9a-fa-f]+))

base16float \b(?<![0-9a-fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9a-fa-f]+(?:\.[0-9a-fa-f]*)?)|(?:\.[0-9a-fa-f]+)))\b

 

posint \b(?:[1-9][0-9]*)\b

nonnegint \b(?:[0-9]+)\b

word \b\w+\b

notspace \s+

space \s*

data .*?

greedydata .*

quotedstring (?>(?<!\\)(?>"(?>\\.|[^\\"]+)+"|""|(?>'(?>\\.|[^\\']+)+')|''|(?>`(?>\\.|[^\\`]+)+`)|``))

uuid [a-fa-f0-9]{8}-(?:[a-fa-f0-9]{4}-){3}[a-fa-f0-9]{12}

 

# networking

mac (?:%{ciscomac}|%{windowsmac}|%{commonmac})

ciscomac (?:(?:[a-fa-f0-9]{4}\.){2}[a-fa-f0-9]{4})

windowsmac (?:(?:[a-fa-f0-9]{2}-){5}[a-fa-f0-9]{2})

commonmac (?:(?:[a-fa-f0-9]{2}:){5}[a-fa-f0-9]{2})

ipv6 ((([0-9a-fa-f]{1,4}:){7}([0-9a-fa-f]{1,4}|:))|(([0-9a-fa-f]{1,4}:){6}(:[0-9a-fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-fa-f]{1,4}:){5}(((:[0-9a-fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9a-fa-f]{1,4}:){4}(((:[0-9a-fa-f]{1,4}){1,3})|((:[0-9a-fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-fa-f]{1,4}:){3}(((:[0-9a-fa-f]{1,4}){1,4})|((:[0-9a-fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-fa-f]{1,4}:){2}(((:[0-9a-fa-f]{1,4}){1,5})|((:[0-9a-fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9a-fa-f]{1,4}:){1}(((:[0-9a-fa-f]{1,4}){1,6})|((:[0-9a-fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9a-fa-f]{1,4}){1,7})|((:[0-9a-fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?

ipv4 (?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])

ip (?:%{ipv6}|%{ipv4})

hostname \b(?:[0-9a-za-z][0-9a-za-z-]{0,62})(?:\.(?:[0-9a-za-z][0-9a-za-z-]{0,62}))*(\.?|\b)

host %{hostname}

iporhost (?:%{hostname}|%{ip})

hostport %{iporhost}:%{posint}

 

# paths

path (?:%{unixpath}|%{winpath})

unixpath (?>/(?>[\w_%!$@:.,-]+|\\.)*)+

tty (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))

winpath (?>[a-za-z]+:|\\)(?:\\[^\\?*]*)+

uriproto [a-za-z]+(\+[a-za-z+]+)?

urihost %{iporhost}(?::%{posint:port})?

# uripath comes loosely from rfc1738, but mostly from what firefox

# doesn't turn into %xx

uripath (?:/[a-za-z0-9$.+!*'(){},~:;=@#%_\-]*)+

#uriparam \?(?:[a-za-z0-9]+(?:=(?:[^&]*))?(?:&(?:[a-za-z0-9]+(?:=(?:[^&]*))?)?)*)?

uriparam \?[a-za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*

uripathparam %{uripath}(?:%{uriparam})?

uri %{uriproto}://(?:%{user}(?::[^@]*)?@)?(?:%{urihost})?(?:%{uripathparam})?

 

# months: january, feb, 3, 03, 12, december

month \b(?:jan(?:uary)?|feb(?:ruary)?|mar(?:ch)?|apr(?:il)?|may|jun(?:e)?|jul(?:y)?|aug(?:ust)?|sep(?:tember)?|oct(?:ober)?|nov(?:ember)?|dec(?:ember)?)\b

monthnum (?:0?[1-9]|1[0-2])

monthnum2 (?:0[1-9]|1[0-2])

monthday (?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])

 

# days: monday, tue, thu, etc...

day (?:mon(?:day)?|tue(?:sday)?|wed(?:nesday)?|thu(?:rsday)?|fri(?:day)?|sat(?:urday)?|sun(?:day)?)

 

# years?

year (?>\d\d){1,2}

hour (?:2[0123]|[01]?[0-9])

minute (?:[0-5][0-9])

# '60' is a leap second in most time standards and thus is valid.

second (?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)

time (?!<[0-9])%{hour}:%{minute}(?::%{second})(?![0-9])

# datestamp is yyyy/mm/dd-hh:mm:ss.uuuu (or something like it)

date_us %{monthnum}[/-]%{monthday}[/-]%{year}

date_eu %{monthday}[./-]%{monthnum}[./-]%{year}

iso8601_timezone (?:z|[+-]%{hour}(?::?%{minute}))

iso8601_second (?:%{second}|60)

timestamp_iso8601 %{year}-%{monthnum}-%{monthday}[t ]%{hour}:?%{minute}(?::?%{second})?%{iso8601_timezone}?

date %{date_us}|%{date_eu}

datestamp %{date}[- ]%{time}

tz (?:[pmce][sd]t|utc)

datestamp_rfc822 %{day} %{month} %{monthday} %{year} %{time} %{tz}

datestamp_rfc2822 %{day}, %{monthday} %{month} %{year} %{time} %{iso8601_timezone}

datestamp_other %{day} %{month} %{monthday} %{time} %{tz} %{year}

datestamp_eventlog %{year}%{monthnum2}%{monthday}%{hour}%{minute}%{second}

 

# syslog dates: month day hh:mm:ss

syslogtimestamp %{month} +%{monthday} %{time}

prog (?:[\w._/%-]+)

syslogprog %{prog:program}(?:\[%{posint:pid}\])?

sysloghost %{iporhost}

syslogfacility <%{nonnegint:facility}.%{nonnegint:priority}>

httpdate %{monthday}/%{month}/%{year}:%{time} %{int}

 

# shortcuts

qs %{quotedstring}

 

# log formats

syslogbase %{syslogtimestamp:timestamp} (?:%{syslogfacility} )?%{sysloghost:logsource} %{syslogprog}:

commonapachelog %{iporhost:clientip} %{user:ident} %{user:auth} \[%{httpdate:timestamp}\] "(?:%{word:verb} %{notspace:request}(?: http/%{number:httpversion})?|%{data:rawrequest})" %{number:response} (?:%{number:bytes}|-)

combinedapachelog %{commonapachelog} %{qs:referrer} %{qs:agent}

 

# log levels

loglevel ([aa]lert|alert|[tt]race|trace|[dd]ebug|debug|[nn]otice|notice|[ii]nfo|info|[ww]arn?(?:ing)?|warn?(?:ing)?|[ee]rr?(?:or)?|err?(?:or)?|[cc]rit?(?:ical)?|crit?(?:ical)?|[ff]atal|fatal|[ss]evere|severe|emerg(?:ency)?|[ee]merg(?:ency)?)

 

您可能感兴趣的文章:

如对本文有疑问, 点击进行留言回复!!

相关文章:

验证码:
最近更新的文章
大家感兴趣的文章
移动技术网