The main issue with your example is that you are trying to return groupings, this is not possible IIUC. One way around this is to use positive look-behind (see man perlre):

您的示例的主要问题是您正在尝试返回分组，这是不可能的 IIUC。解决此问题的一种方法是使用正向后视（请参阅 参考资料man perlre）：

grep -oP '(?<=SRC=|SPT=)[^ ]*'

Output:

输出：

1.1.1.1
80

Here's a more portable alternative:

这是一个更便携的替代方案：

grep -o 'SRC=[^ ]*\|SPT=[^ ]*' | grep -o '[^=]*$'

If you want the output to be on one line, you should consider going one tool up, i.e. use Lev'sanswer. If you know that the output always comes in pairs, you could join the lines with paste:

如果您希望输出在一行上，您应该考虑使用一种工具，即使用Lev 的答案。如果您知道输出总是成对出现，您可以将这些行加入paste：

grep -oP '(?<=SRC=|SPT=)[^ ]*' | paste - -

Or with xargs:

或与xargs：

grep -oP '(?<=SRC=|SPT=)[^ ]*' | xargs -n2

Or sed:

或sed：

grep -oP '(?<=SRC=|SPT=)[^ ]*' | sed 'N; s/\n/ /'

A sedapproach:

一种sed做法：

sed -rn 's/.*SRC=([^ ]+).*SPT=([0-9]+).*/ /p' /var/log/iptables.log

You can pipe it to while read src sptin your script or something similar. Now this of course is not very efficient, because of three stars in the pattern, so if performance is an issue, you can consider using things like cutto extract certain fields:

您可以将其通过管道传输到while read src spt脚本或类似内容中。现在这当然不是很有效，因为模式中的三颗星，所以如果性能是一个问题，你可以考虑使用诸如cut提取某些字段之类的东西：

cut -d' ' -f12,21 /var/log/iptables.log

Not sure if the log format is consistent enough for this to work.

不确定日志格式是否足够一致以使其正常工作。