解析原始apache日志

时间:2010-05-11 15:48:29

标签: php apache parsing logging

我需要一些PHP代码来解析原始apache日志。 特别是,我想要mode = search的次数和用于搜索的术语。这是一个例子:

207.46.195.228 - - [30/Apr/2010:03:24:26 -0700] "GET /index.php?mode=search&term=AE1008787E0174 HTTP/1.1" 200 13047 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
212.81.200.167 - - [30/Apr/2010:04:21:43 -0700] "GET /index.php?mode=search&term=WH2002D-YYH HTTP/1.1" 200 12079 "http://www.mysite.com/SearchGBY.php?page=81" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; WinuE v6; InfoPath.2; WinuE v6)"
212.81.200.167 - - [30/Apr/2010:04:21:44 -0700] "GET /file_uploads/banners/banner.swf HTTP/1.1" 200 50487 "-" "contype"
66.249.68.168 - - [30/Apr/2010:04:21:45 -0700] "GET /index.php?mode=search&term=WH2002D-YYH HTTP/1.1" 200 12079 "-" "Mediapartners-Google"

2 个答案:

答案 0 :(得分:3)

我最近为此写了一个非常粗糙的解析器:


$ignore = array('css', 'png', 'gif', 'jpg', 'jpeg', 'js', 'ico');

$f = fopen('access_log', "r");
if(!$f) die("Failed to open log for reading.");

while (!feof($f)) {

    $buff = fgets($f, 4096);

    $parts = explode(' ', $buff);

    if(in_array(end(explode('.', $parts[6])), $ignore)) continue;

    $domain = trim(end($parts));

    // http method
    $http_method = substr($parts[5], 1);
    if($http_method != 'GET' && $http_method != 'POST') continue;

    // parse out the date
    list($d, $m, $y) = explode('/', substr($parts[3], 1));
    $y = substr($y, 0, 4);
    $time = strtotime("{$d} {$m} {$y}");

    print "{$time} {$parts[0]} {$http_method} {$parts[6]} $domain\n";
}

$ parts [6]应包含您感兴趣的部分(访问的资源)。这应该让你顺利...

答案 1 :(得分:0)

就像使用正则表达式一样简单:http://php.net/manual/en/book.regex.php