regex - bash grep regex 如何不 grep 时间戳
问题描述
我有一个文件,我正在尝试检索与特定模式匹配的行,而该模式是[NUMBERS:NUMBERS:NUMBERS]
我在这里使用的命令:cat example.txt | grep -v "\[[0-9]+:[0-9]+:[0-9]+\]"
所有这一切似乎都是 grep 时间戳,即使我指定了开始结束文字字符。
不知道为什么它不起作用?
示例数据:
Jun 22 23:15:09 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:40932 -> 192.168.0.99:80
Jun 22 23:35:46 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:37647 -> 192.168.0.18:80
Jun 25 00:17:41 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:46210 -> 192.168.0.9:80
Jun 25 00:26:30 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:39421 -> 192.168.0.13:80
Jul 31 16:11:52 192.168.0.1 pkg-static: snort reinstalled: 2.9.16 -> 2.9.16
Jul 31 16:11:53 192.168.0.1 snort[89490]: *** Caught Term-Signal
Jul 31 16:11:58 192.168.0.1 snort[90728]: *** Caught Term-Signal
Jul 31 16:12:13 192.168.0.1 php: /etc/rc.packages: Beginning package installation for snort .
Jul 31 16:12:31 192.168.0.1 php: /etc/rc.packages: [Snort] There is a new set of Snort Subscriber rules posted. Downloading snortrules-snapshot-29160.tar.gz...
Jul 31 16:12:36 192.168.0.1 php: /etc/rc.packages: [Snort] There is a new set of Snort OpenAppID detectors posted. Downloading snort-openappid.tar.gz...
Jul 31 16:13:17 192.168.0.1 php: /etc/rc.packages: Successfully installed package: snort.
Jul 31 16:13:17 192.168.0.1 pkg-static: pfSense-pkg-snort upgraded: 3.2.9.13 -> 3.2.9.14_1
Aug 2 10:47:36 192.168.0.1 php-fpm[76321]: /snort/snort_alerts.php: [Snort] Snort RELOAD CONFIG for LAN...
Aug 2 10:47:36 192.168.0.1 php-fpm[76321]: /snort/snort_alerts.php: [Snort] Snort RELOAD CONFIG for LAN...
Aug 2 10:47:36 192.168.0.1 snort[92683]: Snort Reload: Any change to any output configurations requires a restart.
Aug 2 10:47:59 192.168.0.1 php-fpm[3795]: /snort/snort_alerts.php: [Snort] Snort RELOAD CONFIG for LAN...
Aug 2 10:47:59 192.168.0.1 php-fpm[3795]: /snort/snort_alerts.php: [Snort] Snort RELOAD CONFIG for LAN...
Aug 2 15:41:03 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:51231 -> 192.168.0.3:445
Aug 3 11:00:08 192.168.0.1 snort[92683]: [1:2030215:2] ET POLICY DNS Query to .onion proxy Domain (onion . ly) [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.0.2:62288 -> 192.168.0.1:53
Aug 3 11:00:08 192.168.0.1 snort[92683]: [1:2030215:2] ET POLICY DNS Query to .onion proxy Domain (onion . ly) [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.0.2:62288 -> 192.168.0.1:53
Aug 3 11:00:10 192.168.0.1 snort[92683]: [1:2030216:2] ET POLICY .onion.ly Proxy domain in SNI [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.2:3698 -> 191.168.0.18:443
Aug 3 13:50:24 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 3 13:50:24 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 3 13:50:25 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 3 14:27:36 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 4 10:46:14 192.168.0.1 snort[92683]: [1:2025709:2] ET POLICY SMB2 NT Create AndX Request For a DLL File - Possible Lateral Movement [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:14 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:14 192.168.0.1 snort[92683]: [1:2025699:2] ET POLICY SMB Executable File Transfer [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:15 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:15 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:16 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:49:36 192.168.0.1 php-fpm[349]: /snort/snort_alerts.php: [Snort] Snort RELOAD CONFIG for LAN...
Aug 4 10:49:36 192.168.0.1 php-fpm[349]: /snort/snort_alerts.php: [Snort] Snort RELOAD CONFIG for LAN...
Aug 4 10:51:38 192.168.0.1 php-fpm[62611]: /snort/snort_rulesets.php: [Snort] Updating rules configuration for: LAN ...
Aug 4 10:51:40 192.168.0.1 php-fpm[62611]: /snort/snort_rulesets.php: [Snort] Enabling any flowbit-required rules for: LAN...
Aug 4 10:51:40 192.168.0.1 php-fpm[62611]: /snort/snort_rulesets.php: [Snort] Building new sid-msg.map file for LAN...
Aug 4 10:51:41 192.168.0.1 php-fpm[62611]: /snort/snort_rulesets.php: [Snort] Snort RELOAD CONFIG for LAN...
Aug 4 23:45:21 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:23 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
预期输出:
Jun 22 23:15:09 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:40932 -> 192.168.0.99:80
Jun 22 23:35:46 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:37647 -> 192.168.0.18:80
Jun 25 00:17:41 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:46210 -> 192.168.0.9:80
Jun 25 00:26:30 192.168.0.1 snort[8791]: [120:28:1] (http_inspect) INVALID CHUNK SIZE OR CHUNK SIZE FOLLOWED BY JUNK CHARACTERS [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.6:39421 -> 192.168.0.13:80
Aug 2 15:41:03 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:51231 -> 192.168.0.3:445
Aug 3 11:00:08 192.168.0.1 snort[92683]: [1:2030215:2] ET POLICY DNS Query to .onion proxy Domain (onion . ly) [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.0.2:62288 -> 192.168.0.1:53
Aug 3 11:00:08 192.168.0.1 snort[92683]: [1:2030215:2] ET POLICY DNS Query to .onion proxy Domain (onion . ly) [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.0.2:62288 -> 192.168.0.1:53
Aug 3 11:00:10 192.168.0.1 snort[92683]: [1:2030216:2] ET POLICY .onion.ly Proxy domain in SNI [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.0.2:3698 -> 191.168.0.18:443
Aug 3 13:50:24 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 3 13:50:24 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 3 13:50:25 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 3 14:27:36 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:2746 -> 192.168.0.3:445
Aug 4 10:46:14 192.168.0.1 snort[92683]: [1:2025709:2] ET POLICY SMB2 NT Create AndX Request For a DLL File - Possible Lateral Movement [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:14 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:14 192.168.0.1 snort[92683]: [1:2025699:2] ET POLICY SMB Executable File Transfer [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:15 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:15 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 10:46:16 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:21 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:22 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
Aug 4 23:45:23 192.168.0.1 snort[92683]: [1:2025701:2] ET POLICY SMB2 NT Create AndX Request For an Executable File [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.2:6342 -> 192.168.0.3:445
解决方案
该符号在您的表达式中+
被读取为文字。+
使用-E
POSIX ERE 合规性选项。
此外,您对 , 的使用毫无用处cat
,grep
也接受文件作为参数。
grep -vE '\[[0-9]+:[0-9]+:[0-9]+\]' example.txt
推荐阅读
- ios - 在 iOS 上无需身份验证即可跟踪付费内容
- javascript - 如何在这个带有虚拟页面项的 AngularJS 应用程序中平滑地将页面滚动到顶部?
- amazon-web-services - 如何在 Eclipse 和 Window 10 上配置 AWS SAM
- python - 如何保留更改的python工作目录
- python-3.x - 将无理数放入分数时,sympy 返回 TypeError
- javascript - 根据输入类型数字值创建复选框字段
- android - 为什么我的 ValueEventListener 有延迟效果?
- java - Java中hello world中的字符常量错误
- machine-learning - 如何在两个不同的 keras 层之间创建自定义(卷积)连接
- javascript - POST表单参数由登录页面上的Javascript函数编码,是否可以传递到cURL/Bash?