主页 / server / 问题 / 1150968
Accepted
user3223819
Asked: 2024-01-06 04:01:58 +0800 CST

为什么 grep 停止匹配并在二进制文件匹配时出错

  • 772

问题

为什么我的 grep 命令匹配某些行,然后停止并显示此错误 grep: /var/log/apache2/modsec_audit.log: 二进制文件匹配

我的 grep 命令: grep '^[' /var/log/apache2/modsec_audit.log

我猜日志文件中有二进制内容,这会弄乱 grep 吗?但我是猜测,所以请解释一下原因是什么。另请解释我可以采取什么措施来解决这个问题。

日志文件本身是 ASCII 文本。我可以使用 less 来读取它文件 /var/log/apache2/modsec_audit.log /var/log/apache2/modsec_audit.log:HTML 文档,ASCII 文本,有很长的行(9938)

设置

在我的网络服务器上我安装了 modsec。审核文件是此处描述的多行记录 https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#user-content-Parts

仅供参考,我正在记录这些部分 SecAuditLogParts ABCEFHJZ

A 部分是审核日志标头,只有一行,包含以下信息: 时间戳 唯一事务 ID 源 IP 地址(IPv4 或 IPv6) 源端口 目标 IP 地址(IPv4 或 IPv6) 目标端口

例如 [05/Jan/2024:00:45:31.734758 +0000] ZZdRKyjPxuLDuK2XVhEfLgAAAAU 198.12.243.17 13914 192.168.2.143 443

我正在尝试做什么

我试图从很多很多行中找出 A 部分,并将其用作任意一天发生的事情以及机器人活动最繁忙的时间的简单参考。有很多更好的方法可以做到这一点,但请保持正轨 - grep 出了什么问题以及如何克服它?

linux

1 个回答

  1. Best Answer

    grep默认情况下不喜欢输出二进制数据(例如,输出二进制数据很可能会弄乱终端),因此它默认只指示binary file matches二进制文件的匹配项。

    如果您无论如何都想要输出,您可能需要该-a选项。
    有关详细信息,请参阅手册中的相关部分:

       -a, --text
          Process a binary file as if it were text; this is equivalent to the --binary-files=text option.

   --binary-files=TYPE
          If  a  file's  data or metadata indicate that the file contains binary data, assume that the file is of
          type TYPE.  Non-text bytes indicate binary data; these are either  output  bytes  that  are  improperly
          encoded for the current locale, or null input bytes when the -z option is not given.

          By  default, TYPE is binary, and grep suppresses output after null input binary data is discovered, and
          suppresses output lines that contain improperly encoded data.  When some  output  is  suppressed,  grep
          follows any output with a message to standard error saying that a binary file matches.

          If  TYPE  is  without-match, when grep discovers null input binary data it assumes that the rest of the
          file does not match; this is equivalent to the -I option.

          If TYPE is text, grep processes a binary file as if it were text; this is equivalent to the -a option.

          When type is binary, grep may treat non-text bytes as line terminators  even  without  the  -z  option.
          This  means choosing binary versus text can affect whether a pattern matches a file.  For example, when
          type is binary the pattern q$ might match q immediately followed by a null byte, even  though  this  is
          not  matched when type is text.  Conversely, when type is binary the pattern . (period) might not match
          a null byte.

          Warning: The -a option might output binary garbage, which can have nasty side effects if the output  is
          a  terminal  and  if  the  terminal  driver interprets some of it as commands.  On the other hand, when
          reading files whose text encodings are unknown, it can be helpful to use -a or to set LC_ALL='C' in the
          environment, in order to find more matches even if the matches are unsafe for direct display.
    • 0

相关问题