题目如括号内:
(Dec 25 10:02:10 192.168.0.213 syslog-ng[22683]: syslog-ng starting up; version='2.0.6'
Dec 25 10:02:23 192.168.0.213 CRON[22595]: pam_unix(cron:session): session closed for user www-data
Dec 25 10:02:51 192.168.0.213 shutdown[22761]: shutting down for system reboot
Dec 25 10:02:54 192.168.0.213 init: Switching to runlevel: 6
Dec 25 10:03:02 192.168.0.213 kernel: CPU0: Temperature/speed normal
Dec 25 10:03:10 192.168.0.213 watchdog[2962]: stopping daemon (5.4)
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: starting watchdog keepalive daemon (5.4): int=10 alive=(null) realtime=yes
Dec 25 10:03:10 192.168.0.213 wd_keepalive[22852]: stopping watchdog keepalive daemon (5.4)
Dec 25 10:03:23 192.168.0.213 rpc.statd[2040]: Caught signal 15, un-registering and exiting.
Dec 25 10:03:24 192.168.0.213 ntop[2683]:   CLEANUP[t3054491312]: ntop caught signal 15
Dec 25 10:03:24 192.168.0.213 ntop[2683]:   THREADMGMT[t3054491312]: ntop RUNSTATE: SHUTDOWN(7)
取出时间、主机名、程序名、具体内容
比如第一条:Dec 25 10:02:10、192.168.0.213、syslog-ng、syslog-ng[22683]: syslog-ng starting up; version='2.0.6' )
    怎么写正则式,取出时间、主机名、程序名、具体内容呢? 我只知道写出个正则表达式和输入的字符串来比较,看看匹不匹配.可这种要求我是第一次看到,不知道如何下手啊!
    还望各位前辈解惑!

解决方案 »

  1.   

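    // Split one syslog line into time / host / program / content and display it.
    //  - The pattern is anchored at both ends, so the fields are only taken from
    //    the start of the line, never from header-like text inside the message.
    //  - "[pid]" after the program name is optional, so lines such as
    //    "init: ..." or "kernel: ..." (no pid) are split too. The previous
    //    pattern required a "[" and left such lines unchanged.
    //  - Surrounding spaces are no longer part of the captured fields.
    //  - If the line does not have this layout, replace() returns it unchanged.
    // The content field is free text written by the logging program: escape it
    // before putting it into HTML, SQL or a shell command.
    var line = "Dec   25   10:03:24   192.168.0.213   ntop[2683]:       THREADMGMT[t3054491312]:   ntop  UNSTATE:   SHUTDOWN(7) ";
    // Groups: 1 = timestamp, 2 = host, 3 = program name, 4 = message text.
    var syslogLine = /^ *(\w{3} +\d{1,2} +\d{1,2}:\d{1,2}:\d{1,2}) +(\S+) +([^\s:\[]+)(?:\[\d+\])?: *(.*?) *$/;
    alert(line.replace(syslogLine, "时间:$1主机:$2程序:$3内容:$4"));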
    内容不知道需要什么.可以自己实现一下.
      

  2.   

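    <?php
    // Sample syslog records, one per line: "timestamp host program[pid]: message".
    $data = "Dec   25   10:02:10   192.168.0.213   syslog-ng[22683]:   syslog-ng   starting   up;   version='2.0.6'
    Dec   25   10:02:23   192.168.0.213   CRON[22595]:   pam_unix(cron:session):   session   closed   for   user   www-data
    Dec   25   10:02:51   192.168.0.213   shutdown[22761]:   shutting   down   for   system   reboot
    Dec   25   10:02:54   192.168.0.213   init:   Switching   to   runlevel:   6
    Dec   25   10:03:02   192.168.0.213   kernel:   CPU0:   Temperature/speed   normal
    Dec   25   10:03:10   192.168.0.213   watchdog[2962]:   stopping   daemon   (5.4)
    Dec   25   10:03:10   192.168.0.213   wd_keepalive[22852]:   starting   watchdog   keepalive   daemon   (5.4):   int=10   alive=(null)   realtime=yes
    Dec   25   10:03:10   192.168.0.213   wd_keepalive[22852]:   stopping   watchdog   keepalive   daemon   (5.4)
    Dec   25   10:03:23   192.168.0.213   rpc.statd[2040]:   Caught   signal   15,   un-registering   and   exiting.
    Dec   25   10:03:24   192.168.0.213   ntop[2683]:       CLEANUP[t3054491312]:   ntop   caught   signal   15
    Dec   25   10:03:24   192.168.0.213   ntop[2683]:       THREADMGMT[t3054491312]:   ntop   RUNSTATE:   SHUTDOWN(7)";
    // Capture groups: 1 = timestamp, 2 = host, 3 = program name, 4 = message.
    //  - "^" with the /m flag pins every match to the start of a line, so
    //    header-like text inside a message cannot be picked up as a record.
    //  - The host is any run of non-space characters (IP address or name).
    //  - The program name stops at "[", ":" or whitespace and the "[pid]" part is
    //    optional. The earlier "([\w-]+)[^:]+:" needed at least one character
    //    between the name and the colon, so "init:" came out as "ini",
    //    "kernel:" as "kerne" and "rpc.statd[2040]:" as "rpc".
    //  - Group 4 is free text written by the logging program; escape it before
    //    using it in HTML, SQL or a shell command.
    $preg = '/^[ \t]*(\w{3} +\d{1,2} +\d{1,2}:\d{1,2}:\d{1,2}) +(\S+) +([^\s:\[]+)(?:\[\d+\])?:(.+)/m';
    preg_match_all($preg,$data,$a);
    // $a[0] holds the full matches, $a[1]..$a[4] the groups listed above.
    print_r($a);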
      

  3.   

    只要你会正则,用这个函数preg_match_all 看看手册 应该就能解决这问题
      

  4.   


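    <?php 
    // Sample syslog records, one per line: "timestamp host program[pid]: message".
    $data = "Dec  25 10:02:10  192.168.0.213  syslog-ng[22683]:  syslog-ng  starting  up;  version='2.0.6'
    Dec  25  10:02:23  192.168.0.213  CRON[22595]:  pam_unix(cron:session):  session  closed  for  user  www-data 
    Dec  25  10:02:51  192.168.0.213  shutdown[22761]:  shutting  down  for  system  reboot 
    Dec  25  10:02:54  192.168.0.213  init:  Switching  to  runlevel:  6 
    Dec  25  10:03:02  192.168.0.213  kernel:  CPU0:  Temperature/speed  normal 
    Dec  25  10:03:10  192.168.0.213  watchdog[2962]:  stopping  daemon  (5.4) 
    Dec  25  10:03:10  192.168.0.213  wd_keepalive[22852]:  starting  watchdog  keepalive  daemon  (5.4):  int=10  alive=(null)  realtime=yes 
    Dec  25  10:03:10  192.168.0.213  wd_keepalive[22852]:  stopping  watchdog  keepalive  daemon  (5.4) 
    Dec  25  10:03:23  192.168.0.213  rpc.statd[2040]:  Caught  signal  15,  un-registering  and  exiting. 
    Dec  25  10:03:24  192.168.0.213  ntop[2683]:    CLEANUP[t3054491312]:  ntop  caught  signal  15 
    Dec  25  10:03:24  192.168.0.213  ntop[2683]:    THREADMGMT[t3054491312]:  ntop  RUNSTATE:  SHUTDOWN(7)"; 
    // Capture groups, same layout as before:
    //   1 = timestamp, 2 = host (dotted digits, 7-15 chars), 3 = program name,
    //   4 = pid (empty string when the tag has no "[pid]"), 5 = message.
    // Changes from the previous pattern:
    //  - "([\d]+)+" nested one quantifier inside another. When the "]" is not
    //    followed by ":", the engine retries every way of splitting the digits,
    //    which grows exponentially with their number. Log tags can be influenced
    //    by whoever writes to syslog, so the pid is now a single "\d+".
    //  - Inside "[\w\-^\[+\.^:]" the "^" is a literal character, so the class
    //    also accepted "[" and ":"; the name now stops at "[", ":" or whitespace.
    //  - "^" with the /m flag ties each match to the start of a line, so
    //    header-like text inside a message is not parsed as a record.
    // Group 5 is free text written by the logging program; escape it before use.
    preg_match_all('/^[ \t]*(\w{3}[ \t]+\d{1,2}[ \t]+\d{1,2}:\d{1,2}:\d{1,2})[ \t]+([0-9.]{7,15})[ \t]+([^\s:\[]+)(?:\[(\d+)\])?:(.+)/im',$data,$a);
    print_r($a);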
    ?>
    Result
    X-Powered-By: PHP/5.2.0
    Content-type: text/html

    Array
    (
        [0] => Array
            (
                [0] => Dec  25 10:02:10  192.168.0.213  syslog-ng[22683]:  syslog-ng  starting  up;  version='2.0.6'
                [1] => Dec  25  10:02:23  192.168.0.213  CRON[22595]:  pam_unix(cron:session):  session  closed  for  user  www-data 
                [2] => Dec  25  10:02:51  192.168.0.213  shutdown[22761]:  shutting  down  for  system  reboot 
                [3] => Dec  25  10:02:54  192.168.0.213  init:  Switching  to  runlevel:  6 
                [4] => Dec  25  10:03:02  192.168.0.213  kernel:  CPU0:  Temperature/speed  normal 
                [5] => Dec  25  10:03:10  192.168.0.213  watchdog[2962]:  stopping  daemon  (5.4) 
                [6] => Dec  25  10:03:10  192.168.0.213  wd_keepalive[22852]:  starting  watchdog  keepalive  daemon  (5.4):  int=10  alive=(null)  realtime=yes 
                [7] => Dec  25  10:03:10  192.168.0.213  wd_keepalive[22852]:  stopping  watchdog  keepalive  daemon  (5.4) 
                [8] => Dec  25  10:03:23  192.168.0.213  rpc.statd[2040]:  Caught  signal  15,  un-registering  and  exiting. 
                [9] => Dec  25  10:03:24  192.168.0.213  ntop[2683]:    CLEANUP[t3054491312]:  ntop  caught  signal  15 
                [10] => Dec  25  10:03:24  192.168.0.213  ntop[2683]:    THREADMGMT[t3054491312]:  ntop  RUNSTATE:  SHUTDOWN(7)
            )    [1] => Array
            (
                [0] => Dec  25 10:02:10
                [1] => Dec  25  10:02:23
                [2] => Dec  25  10:02:51
                [3] => Dec  25  10:02:54
                [4] => Dec  25  10:03:02
                [5] => Dec  25  10:03:10
                [6] => Dec  25  10:03:10
                [7] => Dec  25  10:03:10
                [8] => Dec  25  10:03:23
                [9] => Dec  25  10:03:24
                [10] => Dec  25  10:03:24
            )    [2] => Array
            (
                [0] => 192.168.0.213
                [1] => 192.168.0.213
                [2] => 192.168.0.213
                [3] => 192.168.0.213
                [4] => 192.168.0.213
                [5] => 192.168.0.213
                [6] => 192.168.0.213
                [7] => 192.168.0.213
                [8] => 192.168.0.213
                [9] => 192.168.0.213
                [10] => 192.168.0.213
            )    [3] => Array
            (
                [0] => syslog-ng
                [1] => CRON
                [2] => shutdown
                [3] => init
                [4] => kernel
                [5] => watchdog
                [6] => wd_keepalive
                [7] => wd_keepalive
                [8] => rpc.statd
                [9] => ntop
                [10] => ntop
            )    [4] => Array
            (
                [0] => 22683
                [1] => 22595
                [2] => 22761
                [3] => 
                [4] => 
                [5] => 2962
                [6] => 22852
                [7] => 22852
                [8] => 2040
                [9] => 2683
                [10] => 2683
            )    [5] => Array
            (
                [0] =>   syslog-ng  starting  up;  version='2.0.6'
                [1] =>   pam_unix(cron:session):  session  closed  for  user  www-data 
                [2] =>   shutting  down  for  system  reboot 
                [3] =>   Switching  to  runlevel:  6 
                [4] =>   CPU0:  Temperature/speed  normal 
                [5] =>   stopping  daemon  (5.4) 
                [6] =>   starting  watchdog  keepalive  daemon  (5.4):  int=10  alive=(null)  realtime=yes 
                [7] =>   stopping  watchdog  keepalive  daemon  (5.4) 
                [8] =>   Caught  signal  15,  un-registering  and  exiting. 
                [9] =>     CLEANUP[t3054491312]:  ntop  caught  signal  15 
                [10] =>     THREADMGMT[t3054491312]:  ntop  RUNSTATE:  SHUTDOWN(7)
            ))
    还有什么需求可以去我的群.
      

  5.   

    群里的人想要解释.
    写了个详解:)
    http://topic.csdn.net/u/20080117/23/70236117-33b8-42a0-8077-951d4244bb68.html
      

  6.   

    <?php 
    // Sample syslog records, one per line: "timestamp host program[pid]: message".
    $data   =   "Dec       25       10:02:10       192.168.0.213       syslog-ng[22683]:       syslog-ng       starting       up;       version='2.0.6' 
    Dec       25       10:02:23       192.168.0.213       CRON[22595]:       pam_unix(cron:session):       session       closed       for       user       www-data 
    Dec       25       10:02:51       192.168.0.213       shutdown[22761]:       shutting       down       for       system       reboot 
    Dec       25       10:02:54       192.168.0.213       init:       Switching       to       runlevel:       6 
    Dec       25       10:03:02       192.168.0.213       kernel:       CPU0:       Temperature/speed       normal 
    Dec       25       10:03:10       192.168.0.213       watchdog[2962]:       stopping       daemon       (5.4) 
    Dec       25       10:03:10       192.168.0.213       wd_keepalive[22852]:       starting       watchdog       keepalive       daemon       (5.4):       int=10       alive=(null)       realtime=yes 
    Dec       25       10:03:10       192.168.0.213       wd_keepalive[22852]:       stopping       watchdog       keepalive       daemon       (5.4) 
    Dec       25       10:03:23       192.168.0.213       rpc.statd[2040]:       Caught       signal       15,       un-registering       and       exiting. 
    Dec       25       10:03:24       192.168.0.213       ntop[2683]:               CLEANUP[t3054491312]:       ntop       caught       signal       15 
    Dec       25       10:03:24       192.168.0.213       ntop[2683]:               THREADMGMT[t3054491312]:       ntop       RUNSTATE:       SHUTDOWN(7)"; 
    // Capture groups: 1 = timestamp, 2 = host (digits and dots only),
    // 3 = program name, 4 = message.
    // "   +" is two literal spaces followed by " +" (one or more spaces): the "+"
    // repeats the space in front of it. Without those spaces nothing in the
    // pattern matches the gaps between the fields, so the match fails.
    // "[^:]+:" consumes at least one non-colon character and then the first
    // colon; this is what skips "[pid]". Because it needs one character, a tag
    // with no pid is cut short ("init:" gives "ini", "kernel:" gives "kerne"),
    // and "rpc.statd" gives "rpc" because [\w-] does not include ".".
    // NOTE(review): the pattern has no start-of-line anchor, and group 4 is free
    // text written by the logging program; escape it before using it elsewhere.
    $preg   =   "/(\w{3}   +\d{1,2}   +\d{1,2}:\d{1,2}:\d{1,2})   +([0-9\.]+)   +([\w-]+)[^:]+:(.+)/"; 
    // $a[0] receives the full matches, $a[1]..$a[4] the groups listed above.
    preg_match_all($preg,$data,$a); 
    print_r($a);
    (以上引用WJJCHEN的回复)
      $preg= "/(\w{3}   +\d{1,2}   +\d{1,2}:\d{1,2}:\d{1,2})   +([0-9\.]+)   +([\w-]+)[^:]+:(.+)/";
      这段正则不太能看懂,特别是 “+([\w-]+)[^:]+:(.+)” 这部分。还有就是若写成"/(\w{3}+\d{1,2}+\d{1,2}:\d{1,2}:\d{1,2})+([0-9\.]+)+([\w-]+)[^:]+:(.+)/" 就不能取出,为什么“+”之前一定要有空格呢?
      

  7.   

    对于这类 规则文本
    直接读取行,再split 会比较好一些...因为前几列是固定的 index