如何删除不包含特定字符串的行?

问题描述 投票:0回答:2

我的网站遭到暴力攻击。日志文件大小为 1.4 GB(4338.995 行)。如何删除 Sublime 中不包含特定字符串的行?

它既包含普通用户,也包含来自两个不同IP地址的暴力攻击(个人信息和IP地址已更改):

163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /box1_rhs/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /isaac_working/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
66.29.166.6 - - [28/Apr/2017:13:00:06 +0200] "GET /index.php HTTP/1.1" 200 2898 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /title_bykergrove_red/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /games_title/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
66.29.166.6 - - [28/Apr/2017:13:00:06 +0200] "GET /info.php HTTP/1.1" 200 565 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /box1_btm/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /coast_gal_bamburgh-thumb/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /games_pic2/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /coast_gal_tentsmuir-thumb/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /pannel_bot/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /but_go_red/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /coast_gal_badbea-thumb/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /top_girl/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
61.68.207.144 - - [28/Apr/2017:13:00:06 +0200] "GET /s/ HTTP/1.1" 200 9707 "http://google.com/search?q=s06e13" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /pannel_poles_bottom/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /box2_rhs/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /watch_animals/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /pets_pic4/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /boy/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /box2_top/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /pets_title/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /coast_gal_whitby-thumb/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:06 +0200] "HEAD /box2_schoolsout_paramedic/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:07 +0200] "HEAD /rws_sign/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
12.180.245.229 - - [28/Apr/2017:13:00:07 +0200] "GET /browse.php HTTP/1.1" 200 3819 "https://www.google.com.au/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36"
163.33.74.115 - - [28/Apr/2017:13:00:07 +0200] "HEAD /box2_btm/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:07 +0200] "HEAD /serious_amazon/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:07 +0200] "HEAD /box3_noproblem_textbullying/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:07 +0200] "HEAD /ramblings12_home/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"
163.33.74.115 - - [28/Apr/2017:13:00:07 +0200] "HEAD /chain_cat/ HTTP/1.1" 404 157 "-" "DirBuster-0.12 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"

我想删除不包含“163.33.74.115”的行。通过搜索和替换,我使用:

^((?!163\.33\.74\.115).)*$

但是即使突出显示了除 IP 之外的所有内容,程序也没有执行任何操作。我该怎么做?

regex replace sublimetext
2个回答
41
投票

对于 Sublime 使用:

1 - CTRL+H
2 - 单击正则表达式(检查下面的 ps)
3 - 查找内容:

^163.33.74.115.*\n
^(?!163.33.74.115).*\n
用于反向匹配
4 - 替换为:空白
5 - 单击全部替换

enter image description here


GREP 答案:

上面的答案应该可以正常工作,但我宁愿使用

grep
,它与
linux
mac
捆绑在一起,对于 windows 在这里获取它,即:

1 - 所有行 除了 包含

163.33.74.115
的行:

grep -v 163.33.74.115 original.log > attack.log

2 - 所有包含

163.33.74.115
:

的行
grep 163.33.74.115 original.log > attack.log

选项:

-v, --invert-match        select non-matching lines

32
投票

更快的选择是仅使用“查找全部”选项:它会为您选择所有匹配项,以便您可以复制它们。

  1. Ctrl+F
  2. 使用简单的正逻辑正则表达式匹配您
  3. 想要的行:.*163.33.74.115.*
    
    
  4. 单击“查找全部”
  5. Ctrl+C > 打开新文档 > Ctrl+V
这里的优点是您不必记住负向先行的正则表达式语法 - 如果您尝试匹配不在行开头的内容,这会更加棘手。

© www.soinside.com 2019 - 2024. All rights reserved.