The problem is given in the parentheses below:
(Dec 25 10:02:10 192.168.0.213 syslog-ng[22683]: syslog-ng starting up; version='2.0.6'
Dec 25 10:02:23 192.168.0.213 CRON[22595]: pam_unix(cron:session): session closed for user www-data
Dec 25 10:02:51 192.168.0.213 shutdown[22761]: shutting down for system reboot
Dec 25 10:02:54 192.168.0.213 init: Switching to runlevel: 6
Dec 25 10:03:02 192.168.0.213 kernel: CPU0: Temperature/speed normal
Dec 25 10:03:10 192.168.0.213 watchdog[2962]: stopping daemon (5.4)
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: starting watchdog keepalive daemon (5.4): int=10 alive=(null) realtime=yes
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: stopping watchdog keepalive daemon (5.4)
Dec 25 10:03:23 192.168.0.213 rpc.statd[2040]: Caught signal 15, un-registering and exiting.
Dec 25 10:03:24 192.168.0.213 ntop[2683]: CLEANUP[t3054491312]: ntop caught signal 15
Dec 25 10:03:24 192.168.0.213 ntop[2683]: THREADMGMT[t3054491312]: ntop RUNSTATE: SHUTDOWN(7)
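Extract the time, hostname, program name and the message content.
For example, the first entry: Dec 25 10:02:10, 192.168.0.213, syslog-ng, syslog-ng[22683]: syslog-ng starting up; version='2.0.6' )
How do I write a regex that extracts the time, hostname, program name and message content? I only know how to write a regular expression and compare it with an input string to see whether it matches. This is the first time I have seen this kind of requirement, and I don't know where to start!
I hope the experts here can clear this up for me!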
I don't know what you need from the content part. You can implement that yourself.
$data = "Dec 25 10:02:10 192.168.0.213 syslog-ng[22683]: syslog-ng starting up; version='2.0.6'
Dec 25 10:02:23 192.168.0.213 CRON[22595]: pam_unix(cron:session): session closed for user www-data
Dec 25 10:02:51 192.168.0.213 shutdown[22761]: shutting down for system reboot
Dec 25 10:02:54 192.168.0.213 init: Switching to runlevel: 6
Dec 25 10:03:02 192.168.0.213 kernel: CPU0: Temperature/speed normal
Dec 25 10:03:10 192.168.0.213 watchdog[2962]: stopping daemon (5.4)
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: starting watchdog keepalive daemon (5.4): int=10 alive=(null) realtime=yes
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: stopping watchdog keepalive daemon (5.4)
Dec 25 10:03:23 192.168.0.213 rpc.statd[2040]: Caught signal 15, un-registering and exiting.
Dec 25 10:03:24 192.168.0.213 ntop[2683]: CLEANUP[t3054491312]: ntop caught signal 15
Dec 25 10:03:24 192.168.0.213 ntop[2683]: THREADMGMT[t3054491312]: ntop RUNSTATE: SHUTDOWN(7)";
$preg = "/(\w{3} +\d{1,2} +\d{1,2}:\d{1,2}:\d{1,2}) +([0-9\.]+) +([\w-]+)[^:]+:(.+)/";
preg_match_all($preg,$data,$a);
print_r($a);
<?php
$data = "Dec 25 10:02:10 192.168.0.213 syslog-ng[22683]: syslog-ng starting up; version='2.0.6'
Dec 25 10:02:23 192.168.0.213 CRON[22595]: pam_unix(cron:session): session closed for user www-data
Dec 25 10:02:51 192.168.0.213 shutdown[22761]: shutting down for system reboot
Dec 25 10:02:54 192.168.0.213 init: Switching to runlevel: 6
Dec 25 10:03:02 192.168.0.213 kernel: CPU0: Temperature/speed normal
Dec 25 10:03:10 192.168.0.213 watchdog[2962]: stopping daemon (5.4)
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: starting watchdog keepalive daemon (5.4): int=10 alive=(null) realtime=yes
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: stopping watchdog keepalive daemon (5.4)
Dec 25 10:03:23 192.168.0.213 rpc.statd[2040]: Caught signal 15, un-registering and exiting.
Dec 25 10:03:24 192.168.0.213 ntop[2683]: CLEANUP[t3054491312]: ntop caught signal 15
Dec 25 10:03:24 192.168.0.213 ntop[2683]: THREADMGMT[t3054491312]: ntop RUNSTATE: SHUTDOWN(7)";
preg_match_all('/([\w]{3}[\s]+[\d]{1,2}[\s]+[\d]{1,2}:[\d]{1,2}:[\d]{1,2})[\s]+([0-9\.]{7,15})[\s]+([\w\-^\[+\.^:]+?)(?(?=\[[\d]+\])\[([\d]+)+\]):(.+)/i',$data,$a);
print_r($a);
?>
Result
X-Powered-By: PHP/5.2.0
Content-type: text/html

Array
(
[0] => Array
(
[0] => Dec 25 10:02:10 192.168.0.213 syslog-ng[22683]: syslog-ng starting up; version='2.0.6'
[1] => Dec 25 10:02:23 192.168.0.213 CRON[22595]: pam_unix(cron:session): session closed for user www-data
[2] => Dec 25 10:02:51 192.168.0.213 shutdown[22761]: shutting down for system reboot
[3] => Dec 25 10:02:54 192.168.0.213 init: Switching to runlevel: 6
[4] => Dec 25 10:03:02 192.168.0.213 kernel: CPU0: Temperature/speed normal
[5] => Dec 25 10:03:10 192.168.0.213 watchdog[2962]: stopping daemon (5.4)
[6] => Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: starting watchdog keepalive daemon (5.4): int=10 alive=(null) realtime=yes
[7] => Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: stopping watchdog keepalive daemon (5.4)
[8] => Dec 25 10:03:23 192.168.0.213 rpc.statd[2040]: Caught signal 15, un-registering and exiting.
[9] => Dec 25 10:03:24 192.168.0.213 ntop[2683]: CLEANUP[t3054491312]: ntop caught signal 15
[10] => Dec 25 10:03:24 192.168.0.213 ntop[2683]: THREADMGMT[t3054491312]: ntop RUNSTATE: SHUTDOWN(7)
)
[1] => Array
(
[0] => Dec 25 10:02:10
[1] => Dec 25 10:02:23
[2] => Dec 25 10:02:51
[3] => Dec 25 10:02:54
[4] => Dec 25 10:03:02
[5] => Dec 25 10:03:10
[6] => Dec 25 10:03:10
[7] => Dec 25 10:03:10
[8] => Dec 25 10:03:23
[9] => Dec 25 10:03:24
[10] => Dec 25 10:03:24
)
[2] => Array
(
[0] => 192.168.0.213
[1] => 192.168.0.213
[2] => 192.168.0.213
[3] => 192.168.0.213
[4] => 192.168.0.213
[5] => 192.168.0.213
[6] => 192.168.0.213
[7] => 192.168.0.213
[8] => 192.168.0.213
[9] => 192.168.0.213
[10] => 192.168.0.213
)
[3] => Array
(
[0] => syslog-ng
[1] => CRON
[2] => shutdown
[3] => init
[4] => kernel
[5] => watchdog
[6] => wd_keepalive
[7] => wd_keepalive
[8] => rpc.statd
[9] => ntop
[10] => ntop
)
[4] => Array
(
[0] => 22683
[1] => 22595
[2] => 22761
[3] =>
[4] =>
[5] => 2962
[6] => 22852
[7] => 22852
[8] => 2040
[9] => 2683
[10] => 2683
)
[5] => Array
(
[0] => syslog-ng starting up; version='2.0.6'
[1] => pam_unix(cron:session): session closed for user www-data
[2] => shutting down for system reboot
[3] => Switching to runlevel: 6
[4] => CPU0: Temperature/speed normal
[5] => stopping daemon (5.4)
[6] => starting watchdog keepalive daemon (5.4): int=10 alive=(null) realtime=yes
[7] => stopping watchdog keepalive daemon (5.4)
[8] => Caught signal 15, un-registering and exiting.
[9] => CLEANUP[t3054491312]: ntop caught signal 15
[10] => THREADMGMT[t3054491312]: ntop RUNSTATE: SHUTDOWN(7)
)
)
If you have any other requirements, you can come to my group.
I wrote a detailed explanation :)
http://topic.csdn.net/u/20080117/23/70236117-33b8-42a0-8077-951d4244bb68.html
$data = "Dec 25 10:02:10 192.168.0.213 syslog-ng[22683]: syslog-ng starting up; version='2.0.6'
Dec 25 10:02:23 192.168.0.213 CRON[22595]: pam_unix(cron:session): session closed for user www-data
Dec 25 10:02:51 192.168.0.213 shutdown[22761]: shutting down for system reboot
Dec 25 10:02:54 192.168.0.213 init: Switching to runlevel: 6
Dec 25 10:03:02 192.168.0.213 kernel: CPU0: Temperature/speed normal
Dec 25 10:03:10 192.168.0.213 watchdog[2962]: stopping daemon (5.4)
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: starting watchdog keepalive daemon (5.4): int=10 alive=(null) realtime=yes
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: stopping watchdog keepalive daemon (5.4)
Dec 25 10:03:23 192.168.0.213 rpc.statd[2040]: Caught signal 15, un-registering and exiting.
Dec 25 10:03:24 192.168.0.213 ntop[2683]: CLEANUP[t3054491312]: ntop caught signal 15
Dec 25 10:03:24 192.168.0.213 ntop[2683]: THREADMGMT[t3054491312]: ntop RUNSTATE: SHUTDOWN(7)";
$preg = "/(\w{3} +\d{1,2} +\d{1,2}:\d{1,2}:\d{1,2}) +([0-9\.]+) +([\w-]+)[^:]+:(.+)/";
preg_match_all($preg,$data,$a);
print_r($a);
(The above quotes WJJCHEN's reply)
$preg= "/(\w{3} +\d{1,2} +\d{1,2}:\d{1,2}:\d{1,2}) +([0-9\.]+) +([\w-]+)[^:]+:(.+)/";
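I can't quite follow this regex, especially the part "+([\w-]+)[^:]+:(.+)". Also, if it is written as "/(\w{3}+\d{1,2}+\d{1,2}:\d{1,2}:\d{1,2})+([0-9\.]+)+([\w-]+)[^:]+:(.+)/" it no longer extracts anything. Why does there have to be a space before the "+"?
Reading the file line by line and then using split would be better... because the first few columns sit at fixed indexes.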
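As an added example (not code from any poster in the thread), the script below runs the first reply's pattern, an anchored pattern with an optional PID, and the line-split approach from the last reply over three of the quoted log lines, then prints the program name each one extracts. The names `$strict` and `parse_by_split` are made up for this example.

```php
<?php
// Constructed sample: three lines copied from the log quoted in the thread.
$lines = [
    "Dec 25 10:02:10 192.168.0.213 syslog-ng[22683]: syslog-ng starting up; version='2.0.6'",
    "Dec 25 10:02:54 192.168.0.213 init: Switching to runlevel: 6",
    "Dec 25 10:03:23 192.168.0.213 rpc.statd[2040]: Caught signal 15, un-registering and exiting.",
];

// Pattern from the first reply. " +" means "one or more spaces": it is what
// consumes the separators between columns. "[^:]+" must eat at least one
// character, so "init:" backtracks to "ini" and "rpc.statd" stops at the dot.
$reply = '/(\w{3} +\d{1,2} +\d{1,2}:\d{1,2}:\d{1,2}) +([0-9\.]+) +([\w-]+)[^:]+:(.+)/';

// Anchored variant (an assumption of this example): the program name is
// everything up to an optional "[pid]" and the first ":"; groups are named.
$strict = '/^(?<time>\w{3} +\d{1,2} +\d{2}:\d{2}:\d{2}) +(?<host>\S+) +'
        . '(?<program>[^\s:\[\]]+)(?:\[(?<pid>\d+)\])?: ?(?<message>.*)$/';

// Split-based parser following the last reply: the leading columns are fixed,
// so split on spaces into month, day, time, host and the remainder.
function parse_by_split(string $line): ?array
{
    $p = preg_split('/ +/', $line, 5);
    if (count($p) < 5 || strpos($p[4], ': ') === false) {
        return null; // malformed line: report it instead of guessing
    }
    [$tag, $message] = explode(': ', $p[4], 2);
    $program = preg_replace('/\[\d+\]$/', '', $tag); // drop the optional "[pid]"
    return ['time' => "$p[0] $p[1] $p[2]", 'host' => $p[3],
            'program' => $program, 'message' => $message];
}

foreach ($lines as $line) {
    preg_match($reply, $line, $old);
    preg_match($strict, $line, $new);
    $split = parse_by_split($line);
    // Columns: first reply's program | anchored program | split program | message
    printf("%-10s | %-10s | %-10s | %s\n",
        $old[3], $new['program'], $split['program'], $new['message']);
}
```

When logs feed alerting or forensics, a line that matches neither parser should be kept and flagged rather than dropped, since a silently truncated program name skews any per-daemon filter.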