반응형

 

^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=]*(?<atackName>[^\]]*)\]\, \[Time=]*(?<time2>[^\]]*)\]\, \[Hacker=]*(?<hackerIP>[^\]]*)\]\, \[Victim=]*(?<victimIP>[^\]]*)\]\, \[Protocol=]*(?<protocol>[^\/]*)\/(?<port>[^\]]*)\]\, \[Risk=]*(?<priority>[^\]]*)\]\, \[Handling=]*(?<handling>[^\]]*)\]\, \[Information=]*(?<information>[^\]]*)\]\, \[SrcPort=]*(?<srcPort>[^\]]*)\]$

 

 

 

^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=]*(?<attackName>[^\]]*)\] \[Time=]*(?<time2>[^\]]*)\] \[Src_ip=]*(?<srcIP>[^\]]*)\] \[Dst_ip=]*(?<dstIP>[^\]]*)\] \[Protocol=]*(?<protocol>[^\/]*)\/*(?<port>[^\]]*)\] \[Filter=]*(?<filter>[^\]]*)\] \[Action=]*(?<action>[^\]]*)\] \[Src_port=]*(?<srcPort>[^\]]*)\]

 

 

^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=\(\d*\)]*(?<attackName>[^\]]*)\]\, \[Time=]*(?<year>\d{4})\/(?<month>\d{1,2})\/(?<day>\d{1,2})(?<time2>[^\]]*)\]\, \[Hacker=]*(?<hackerIP>[^\]]*)\]\, \[Victim=]*(?<victimIP>[^\]]*)\]\, \[Protocol=]*(?<protocol>[^\/]*)\/(?<port>[^\]]*)\]\, \[Risk=]*(?<priority>[^\]]*)\]\, \[Handling=]*(?<handling>[^\]]*)\]\, \[Information=]*(?<information>[^\]]*)\]\, \[SrcPort=]*(?<srcPort>[^\]]*)\]$

 

 

^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=]*(?<attackName>[^\]]*)\] \[Time=]*(?<year>\d{4})\/(?<month>\d{1,2})\/(?<day>\d{1,2})(?<time2>[^\]]*)\] \[Src_ip=]*(?<srcIP>[^\]]*)\] \[Dst_ip=]*(?<dstIP>[^\]]*)\] \[Protocol=]*(?<protocol>[^\/]*)\/*(?<port>[^\]]*)\] \[Filter=]*(?<filter>[^\]]*)\] \[Action=]*(?<action>[^\]]*)\] \[Src_port=]*(?<srcPort>[^\]]*)\]

 

 

^(?<time>[^ ]*)  \[\*\*] [^ ]* (?<messages>[^\[]*)\[\*\*] \[Classification: (?<classification>[^\]]*)\] \[Priority: (?<priority>[^\]]*)] {(?<protocol>[^ ]*)} (?<srcIP>[^:]*):(?<srcPort>[^ ]*) -> (?<dstIP>[^:]*):(?<dstPort>[^ ]*)$

- 수리카타 fast.log 정규식

 

[Sun Nov 15 08:34:33 2015] [error] [client 111.85.191.131] request failed: error reading the headers

^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\] \[client (?<client_ip>[^\]]*)\] (?<message>.*)$

-apache2 error 정규식

 

반응형
저작자표시 (새창열림)

'프로젝트 관련 조사 > 로그 관련' 카테고리의 다른 글

[Elasticsearch] 관계형 DB와 Elasticsearch 비교  (0) 2019.11.13
[Log] 크리티컬한 보안 로그 체크리스트  (0) 2015.12.03
[Rsyslog] Rsyslog conf 상황에 맞게 필터링 하기  (0) 2015.11.24
Rsyslog IP로 필터링 하기  (0) 2015.11.16
정규표현식 - 1장  (0) 2015.11.12

티스토리툴바