如何用Java解析日志文件?

时间:2015-07-20 10:22:24

标签: java parsing logfile logparser

我有一个包含这两行数据的文件。

Jan 1 22:54:17 drop   %LOGSOURCE% >eth1 rule: 7; rule_uid: {C1336766-9489-  4049-9817-50584D83A245}; src: 70.77.116.190; dst: %DSTIP%; proto: tcp; product: VPN-1 & FireWall-1; service: 445; s_port: 2612;
Jan 1 23:02:56 accept %LOGSOURCE% >eth1 inzone: External; outzone: Local; rule: 3; rule_uid: {723F81EF-75C9-4CBB-8913-0EBB3686E0F7}; service_id: icmp-proto; ICMP: Echo Request; src: 24.188.22.101; dst: %DSTIP%; proto: icmp; ICMP Type: 8; ICMP Code: 0; product: VPN-1 & FireWall-1;

我真的知道将它们解析成不同列的代码是什么?一个问题是

eth1 rule:7;
eth1 inzone: External; outzone: Local;

我想让他们属于同一列。我真的需要一些绝望的帮助,因为我不知道编程,我的任务是执行此操作><

1 个答案:

答案 0 :(得分:1)

你可能从Java的字符串拆分函数开始:

Oracle Doc

Look at example 3

我认为你可以把你的第一栏作为从开头到'>'的所有内容在%LOGSOURCE%之后。我还猜测还有其他列会被集中在一起,最后你只希望每行有一定数量的列。

你可以使用这样的代码:

//a line of the log can be split on '>' and ';' for the other columns of interest
//logLine is a line off the your log, I'm assuming it's a string object
string[] splitLine = logLine.split("[>;]+");
//I'm pretending there are 7 columns, for simplicity sake I'm using an ArrayList
// of string arrays (ArraList<string[]>) that would get declared
//above all this called logList
string[] logEntry = new string[7];
//Save the time stamp of the log entry by iterating through splitLine
for(int counter1 = 0; counter1 < splitLine.length; counter1++)
{
   //Timestamp column
   if(counter1 == 0)
      logEntry[0] = splitLine[counter1];

   //First column
   if(counter1 == 1)
      logEntry[1] = splitLine[counter1];
   //Logic to determine what needs to get appended to second column, 
   //could be many if statements
   if(...)
      logEntry[1] += splitLine[counter1];

   //Logic to determine what starts third column
   if(...)
      logEntry[2] = splitLine[counter1];
   //Logic to determine what needs to get appended to third column,
   //could be many if statements
   if(...)
      logEntry[2] += splitLine[counter1];
   //And so on... till you fill all your columns up or as much as you want
}
//Add your columned log to your list for use after you've parsed up the file
logList.add(logEntry);

你可能会把所有这些逻辑都放在一个for循环中,它会不断地从你的日志中抓取一行到代码示例顶部使用的logLine字符串。这不是最有效的方式,但它非常简单。希望这能让您开始解决问题。

相关问题
最新问题