2013-09-25 2 views
0

I'm having trouble understanding the following regular expression:
What does the ?P in this regular expression mean?

regexp="(?P<date>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2})\S+\s(?P<proto>\w+)\S+\s(?P<sid>\S)\s+(? P<sip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\s+(?P<sport>\d+))?\s+(?P<dip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:)?\s(?P<dport>\d+)((:)?\s+(?P<info>\S+\s\S+)\s+\[(?P<comment>.*)\])?" 

0 or 1
date={normalize_date($date)}
plugin_sid={translate($sid)}
src_ip={$sip}
src_port={$sport}
dst_ip={$dip}
dst_port={$dport}
protocol={$proto}
userdata1={$info}
userdata2={$comment}

What does the ?P mean? Can anyone help me make sense of this monster by laying out the logic?

+0

Any context might help... –

+0

This regular expression is for matching the logs generated by the low-interaction honeypot called honeyd. The regex matches lines like the following: 2013-09-25-01:05:15.1082 icmp(1) - 192.168.XX 192.168.XX: 8(0): 84 OR 2013-09-25-01:07:14.7951 tcp(6) - 192.168.XX 55394 192.168.XX 20: 52 S [Linux 2.4 ts] – user2284355

+0

Most packets have date protocol sourceip:sourceport destip:destport connection_state – user2284355

Answer

4

(?P...) is a named group.

Oh, and (? P<sip> may be invalid (I don't think a space is allowed there).

If you have any other questions, this is a useful resource for explaining regular expressions, although it does not work for (?P...).

An explanation of your regex without the named groups (so just replace "group and capture to \1" with "group and capture to 'date'" for the first one, and so on) (link):

NODE      EXPLANATION 
-------------------------------------------------------------------------------- 
    (      group and capture to \1: 
-------------------------------------------------------------------------------- 
    \d{4}     digits (0-9) (4 times) 
-------------------------------------------------------------------------------- 
    -      '-' 
-------------------------------------------------------------------------------- 
    \d{2}     digits (0-9) (2 times) 
-------------------------------------------------------------------------------- 
    -      '-' 
-------------------------------------------------------------------------------- 
    \d{2}     digits (0-9) (2 times) 
-------------------------------------------------------------------------------- 
    -      '-' 
-------------------------------------------------------------------------------- 
    \d{2}     digits (0-9) (2 times) 
-------------------------------------------------------------------------------- 
    :      ':' 
-------------------------------------------------------------------------------- 
    \d{2}     digits (0-9) (2 times) 
-------------------------------------------------------------------------------- 
    :      ':' 
-------------------------------------------------------------------------------- 
    \d{2}     digits (0-9) (2 times) 
-------------------------------------------------------------------------------- 
)      end of \1 
-------------------------------------------------------------------------------- 
    \S+      non-whitespace (all but \n, \r, \t, \f, 
          and " ") (1 or more times (matching the 
          most amount possible)) 
-------------------------------------------------------------------------------- 
    \s      whitespace (\n, \r, \t, \f, and " ") 
-------------------------------------------------------------------------------- 
    (      group and capture to \2: 
-------------------------------------------------------------------------------- 
    \w+      word characters (a-z, A-Z, 0-9, _) (1 or 
          more times (matching the most amount 
          possible)) 
-------------------------------------------------------------------------------- 
)      end of \2 
-------------------------------------------------------------------------------- 
    \S+      non-whitespace (all but \n, \r, \t, \f, 
          and " ") (1 or more times (matching the 
          most amount possible)) 
-------------------------------------------------------------------------------- 
    \s      whitespace (\n, \r, \t, \f, and " ") 
-------------------------------------------------------------------------------- 
    (      group and capture to \3: 
-------------------------------------------------------------------------------- 
    \S      non-whitespace (all but \n, \r, \t, \f, 
          and " ") 
-------------------------------------------------------------------------------- 
)      end of \3 
-------------------------------------------------------------------------------- 
    \s+      whitespace (\n, \r, \t, \f, and " ") (1 or 
          more times (matching the most amount 
          possible)) 
-------------------------------------------------------------------------------- 
    (      group and capture to \4: 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    \.      '.' 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    \.      '.' 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    \.      '.' 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
)      end of \4 
-------------------------------------------------------------------------------- 
    (      group and capture to \5 (optional 
          (matching the most amount possible)): 
-------------------------------------------------------------------------------- 
    \s+      whitespace (\n, \r, \t, \f, and " ") (1 
          or more times (matching the most amount 
          possible)) 
-------------------------------------------------------------------------------- 
    (      group and capture to \6: 
-------------------------------------------------------------------------------- 
     \d+      digits (0-9) (1 or more times 
           (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    )      end of \6 
-------------------------------------------------------------------------------- 
)?      end of \5 (NOTE: because you are using a 
          quantifier on this capture, only the LAST 
          repetition of the captured pattern will be 
          stored in \5) 
-------------------------------------------------------------------------------- 
    \s+      whitespace (\n, \r, \t, \f, and " ") (1 or 
          more times (matching the most amount 
          possible)) 
-------------------------------------------------------------------------------- 
    (      group and capture to \7: 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    \.      '.' 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    \.      '.' 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    \.      '.' 
-------------------------------------------------------------------------------- 
    \d{1,3}     digits (0-9) (between 1 and 3 times 
          (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
)      end of \7 
-------------------------------------------------------------------------------- 
    (      group and capture to \8 (optional 
          (matching the most amount possible)): 
-------------------------------------------------------------------------------- 
    :      ':' 
-------------------------------------------------------------------------------- 
)?      end of \8 (NOTE: because you are using a 
          quantifier on this capture, only the LAST 
          repetition of the captured pattern will be 
          stored in \8) 
-------------------------------------------------------------------------------- 
    \s      whitespace (\n, \r, \t, \f, and " ") 
-------------------------------------------------------------------------------- 
    (      group and capture to \9: 
-------------------------------------------------------------------------------- 
    \d+      digits (0-9) (1 or more times (matching 
          the most amount possible)) 
-------------------------------------------------------------------------------- 
)      end of \9 
-------------------------------------------------------------------------------- 
    (      group and capture to \10 (optional 
          (matching the most amount possible)): 
-------------------------------------------------------------------------------- 
    (      group and capture to \11 (optional 
          (matching the most amount possible)): 
-------------------------------------------------------------------------------- 
     :      ':' 
-------------------------------------------------------------------------------- 
    )?      end of \11 (NOTE: because you are using 
          a quantifier on this capture, only the 
          LAST repetition of the captured pattern 
          will be stored in \11) 
-------------------------------------------------------------------------------- 
    \s+      whitespace (\n, \r, \t, \f, and " ") (1 
          or more times (matching the most amount 
          possible)) 
-------------------------------------------------------------------------------- 
    (      group and capture to \12: 
-------------------------------------------------------------------------------- 
     \S+      non-whitespace (all but \n, \r, \t, 
           \f, and " ") (1 or more times 
           (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
     \s      whitespace (\n, \r, \t, \f, and " ") 
-------------------------------------------------------------------------------- 
     \S+      non-whitespace (all but \n, \r, \t, 
           \f, and " ") (1 or more times 
           (matching the most amount possible)) 
-------------------------------------------------------------------------------- 
    )      end of \12 
-------------------------------------------------------------------------------- 
    \s+      whitespace (\n, \r, \t, \f, and " ") (1 
          or more times (matching the most amount 
          possible)) 
-------------------------------------------------------------------------------- 
    \[      '[' 
-------------------------------------------------------------------------------- 
    (      group and capture to \13: 
-------------------------------------------------------------------------------- 
     .*      any character except \n (0 or more 
           times (matching the most amount 
           possible)) 
-------------------------------------------------------------------------------- 
    )      end of \13 
-------------------------------------------------------------------------------- 
    \]      ']' 
-------------------------------------------------------------------------------- 
)?      end of \10 (NOTE: because you are using a 
          quantifier on this capture, only the LAST 
          repetition of the captured pattern will be 
          stored in \10) 
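As an added example (not part of the question or the answer above), here is the asker's regex with the stray space removed, applied in Python to constructed lines of the honeyd shape quoted in the comments; it also shows that Python's re module refuses the "(? P<sip>" form. The sample addresses and ports are made up.

```python
import re

# The asker's regex with the stray space in "(? P<sip>" removed. Every
# (?P<name>...) is a named group, so match.groupdict() returns a dict keyed
# by those names, which is what the plugin mappings like src_ip={$sip} use.
HONEYD_RE = re.compile(
    r"(?P<date>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2})\S+\s"
    r"(?P<proto>\w+)\S+\s(?P<sid>\S)\s+"
    r"(?P<sip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\s+(?P<sport>\d+))?\s+"
    r"(?P<dip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:)?\s(?P<dport>\d+)"
    r"((:)?\s+(?P<info>\S+\s\S+)\s+\[(?P<comment>.*)\])?"
)

# Constructed sample lines in the shape of the honeyd output quoted in the
# comments (addresses and ports are invented for the example).
SAMPLE_LINES = [
    "2013-09-25-01:05:15.1082 icmp(1) - 192.168.1.10 192.168.1.20: 8(0): 84",
    "2013-09-25-01:07:14.7951 tcp(6) - 192.168.1.10 55394 192.168.1.20 20: 52 S [Linux 2.4 ts]",
]


def parse_honeyd_line(line):
    """Return the named groups as a dict, or None when the line does not match.

    Optional groups (sport, info, comment) come back as None when absent, e.g.
    for ICMP lines that carry no source port; a mapping such as
    src_port={$sport} has to tolerate that.
    """
    m = HONEYD_RE.match(line)
    return m.groupdict() if m else None


def bad_pattern_is_rejected():
    """The original "(? P<sip>" spelling: Python's re refuses to compile it."""
    try:
        re.compile(r"(? P<sip>\d+)")
    except re.error:
        return True
    return False


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_honeyd_line(line))
    print("space inside (?P<...>) rejected:", bad_pattern_is_rejected())
```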