set line {
Jul 24 21:06:40 2014: %AUTH-6-INFO: login[1765]: user 'admin' on 'pts/1' logged
Jul 24 21:05:15 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.58.net. Flow: 0x2
Jul 24 21:04:39 2014: %DATAPLANE-5-: Unrecognized HTTP URL static.58.com. Flow:
Jul 24 21:04:38 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.google-analytics.com. Flow: 0x2265394048.
Jul 24 21:04:36 2014: %DATAPLANE-5-: Unrecognized HTTP URL track.58.co.in. Flow: 0
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.google.co.in. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.google.co.in. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test1. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.google.com. Flow: 0x87073880
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.edgecastcdn.net in dns_hash_table
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.facebook.com. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.fb.com. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:05:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.facebook.com. Flow: 0x87073880
Jul 24 21:05:39 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.facebook.net in dns_hash_table
}
set urls [list]
foreach {dummy item} [regexp -all -inline {Server Hello ServerNames+(S+)} $line] {
lappend urls $item
}
#puts $res
set s "*****************************************************"
set f {}
set f [open output.txt a]
if {$f ne {}} {
foreach url $urls {
chan puts $f $url
}
chan puts $f $s
chan close $f
}
如何从上述变量$line中提取URL, Client Hello ServerName, Server Hello ServerName, Server Cert CommonName, rname。并将其上传到文本文件中,以逗号分隔。
编辑:
output.txt内容应为:
www.58.net, www.google.co.in, test1 * .google.com, cs50.wac.edgecastcdn.net
,其中"www.58.net"是使用URL进行grepped的输出。"www.google.co.in"是使用Client Hello ServerName etc进行grep的输出
谢谢,
Balu p .
您可以从结果列表中捕获url,然后以逗号连接。一个简单的方法是…
set urls [list]
foreach {dummy item} [regexp -all -inline {Server Hello ServerNames+(S+)} $line] {
lappend urls $item
}
set urls [join $urls ,]
如果url中可以有逗号,你也可以添加引号并转义任何固有的引号…
set urls [list]
foreach {dummy item} [regexp -all -inline {Server Hello ServerNames+(S+)} $line] {
lappend urls "[string map {{"} {"}} $item]"
}
set urls [join $urls ,]
string map
将用反斜杠转义这里的任何引号。
您可以使用制表符而不是逗号来避免这些:
set urls [list]
foreach {dummy item} [regexp -all -inline {Server Hello ServerNames+(S+)} $line] {
lappend urls $item
}
set urls [join $urls t]
编辑:从聊天,这里是完整的代码与所有其他不同的含义,并使用修改版本的Donal的regexp:
set line {
Jul 24 21:06:40 2014: %AUTH-6-INFO: login[1765]: user 'admin' on 'pts/1' logged
Jul 24 21:05:15 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.58.net. Flow: 0x2
Jul 24 21:04:39 2014: %DATAPLANE-5-: Unrecognized HTTP URL static.58.com. Flow:
Jul 24 21:04:38 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.google-analytics.
com. Flow: 0x2265394048.
Jul 24 21:04:36 2014: %DATAPLANE-5-: Unrecognized HTTP URL track.58.co.in. Flow: 0
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.google.co.in. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.google.co.in. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test1. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.google.com. Flow: 0x87073880
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.edgecastcdn.net in dns_hash_table
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.facebook.com. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.fb.com. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:05:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.facebook.com. Flow: 0x87073880
Jul 24 21:05:39 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.facebook.net in dns_hash_table
}
set URL [list]
set chs [list]
set shs [list]
set scs [list]
set rname [list]
set cURL 0
set cchs 0
set cshs 0
set cscs 0
set crname 0
foreach {whole type payload} [regexp -all -inline {(?x)
y ( URL
| (?: Client | Server)[ ]Hello[ ]ServerName
| Server[ ]Cert[ ]CommonName
| rname([^)]+) )
s+ ((?:(?![ ]Flow:| in[ ]dns_hash_table).)+)
} $line] {
switch -regexp $type {
URL {lappend URL $payload; incr cURL}
{Client Hello ServerName} {lappend chs $payload; incr cchs}
{Server Hello ServerName} {lappend shs $payload; incr cshs}
{Server Cert CommonName} {lappend scs $payload; incr cscs}
{rname([^)]+)} {lappend rname $payload; incr crname}
}
}
set max [lindex [lsort -decreasing [list $cURL $cchs $cshs $cscs $crname]] 0]
set i 0
set all_list [list]
while {$max != $i} {
if {[catch {regsub -all {s} [lindex $URL $i] "" one}]} {set one ""}
if {[catch {regsub -all {s} [lindex $chs $i] "" two}]} {set two ""}
if {[catch {regsub -all {s} [lindex $shs $i] "" three}]} {set three ""}
if {[catch {regsub -all {s} [lindex $scs $i] "" four}]} {set four ""}
if {[catch {regsub -all {s} [lindex $rname $i] "" five}]} {set five ""}
lappend all_list [join [list $one $two $three $four $five] ,]
incr i
}
puts [join $all_list n]
ideone演示