^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=]*(?<atackName>[^\]]*)\]\, \[Time=]*(?<time2>[^\]]*)\]\, \[Hacker=]*(?<hackerIP>[^\]]*)\]\, \[Victim=]*(?<victimIP>[^\]]*)\]\, \[Protocol=]*(?<protocol>[^\/]*)\/(?<port>[^\]]*)\]\, \[Risk=]*(?<priority>[^\]]*)\]\, \[Handling=]*(?<handling>[^\]]*)\]\, \[Information=]*(?<information>[^\]]*)\]\, \[SrcPort=]*(?<srcPort>[^\]]*)\]$
^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=]*(?<attackName>[^\]]*)\] \[Time=]*(?<time2>[^\]]*)\] \[Src_ip=]*(?<srcIP>[^\]]*)\] \[Dst_ip=]*(?<dstIP>[^\]]*)\] \[Protocol=]*(?<protocol>[^\/]*)\/*(?<port>[^\]]*)\] \[Filter=]*(?<filter>[^\]]*)\] \[Action=]*(?<action>[^\]]*)\] \[Src_port=]*(?<srcPort>[^\]]*)\]
^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=\(\d*\)]*(?<attackName>[^\]]*)\]\, \[Time=]*(?<year>\d{4})\/(?<month>\d{1,2})\/(?<day>\d{1,2})(?<time2>[^\]]*)\]\, \[Hacker=]*(?<hackerIP>[^\]]*)\]\, \[Victim=]*(?<victimIP>[^\]]*)\]\, \[Protocol=]*(?<protocol>[^\/]*)\/(?<port>[^\]]*)\]\, \[Risk=]*(?<priority>[^\]]*)\]\, \[Handling=]*(?<handling>[^\]]*)\]\, \[Information=]*(?<information>[^\]]*)\]\, \[SrcPort=]*(?<srcPort>[^\]]*)\]$
^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) \[(?<toolName>[^ ]*)\] \[Attack_Name=]*(?<attackName>[^\]]*)\] \[Time=]*(?<year>\d{4})\/(?<month>\d{1,2})\/(?<day>\d{1,2})(?<time2>[^\]]*)\] \[Src_ip=]*(?<srcIP>[^\]]*)\] \[Dst_ip=]*(?<dstIP>[^\]]*)\] \[Protocol=]*(?<protocol>[^\/]*)\/*(?<port>[^\]]*)\] \[Filter=]*(?<filter>[^\]]*)\] \[Action=]*(?<action>[^\]]*)\] \[Src_port=]*(?<srcPort>[^\]]*)\]
^(?<time>[^ ]*) \[\*\*] [^ ]* (?<messages>[^\[]*)\[\*\*] \[Classification: (?<classification>[^\]]*)\] \[Priority: (?<priority>[^\]]*)] {(?<protocol>[^ ]*)} (?<srcIP>[^:]*):(?<srcPort>[^ ]*) -> (?<dstIP>[^:]*):(?<dstPort>[^ ]*)$
- 수리카타 fast.log 정규식
[Sun Nov 15 08:34:33 2015] [error] [client 111.85.191.131] request failed: error reading the headers
^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\] \[client (?<client_ip>[^\]]*)\] (?<message>.*)$
-apache2 error 정규식
'프로젝트 관련 조사 > 로그 관련' 카테고리의 다른 글
| [Elasticsearch] 관계형 DB와 Elasticsearch 비교 (0) | 2019.11.13 |
|---|---|
| [Log] 크리티컬한 보안 로그 체크리스트 (0) | 2015.12.03 |
| [Rsyslog] Rsyslog conf 상황에 맞게 필터링 하기 (0) | 2015.11.24 |
| Rsyslog IP로 필터링 하기 (0) | 2015.11.16 |
| 정규표현식 - 1장 (0) | 2015.11.12 |