我有icecast访问日志像这样:
11.11.111.11 - 5229 [08/May/2018:11:43:38 +0200] "GET /chillout_delicate.ogg HTTP/1.1" 200 36256 "-" "Dalvik/1.6.0 (Linux; U; Android 4.3; GT-I9300 Build/JSS15J)" 0
111.111.11.111 - 2510/14 [08/May/2018:11:43:39 +0200] "GET /pub3.ogg HTTP/1.1" 200 36467 "-" "Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-P5200 Build/KOT49H)" 1
第一个值是IP。第二个,在 - 之后,是用户名。通常它是一个像2510/14或234的数字。我发现我尝试自定义的php文件。
<?php
$ac_arr = file('/var/log/icecast2/access.log');
$astring = join("", $ac_arr);
$astring = preg_replace("/(\n|\r|\t)/", "", $astring);
$records = preg_split("/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $astring, -1, PREG_SPLIT_DELIM_CAPTURE);
$sizerecs = sizeof($records);
// now split into records
$i = 1;
$each_rec = 0;
while($i<$sizerecs) {
$ip = $records[$i];
$all = $records[$i+1];
// parse other fields
preg_match("/\[(.+)\]/", $all, $match);
$access_time = $match[1];
$all = str_replace($match[1], "", $all);
preg_match("/\"[A-Z]{3,7} (.[^\"]+)/", $all, $match);
$http = $match[1];
$link = explode(" ", $http);
$all = str_replace("\"[A-Z]{3,7} $match[1]\"", "", $all);
preg_match("/([0-9]{3})/", $all, $match);
$success_code = $match[1];
$all = str_replace($match[1], "", $all);
preg_match("/\"(.[^\"]+)/", $all, $match);
$ref = $match[1];
$all = str_replace("\"$match[1]\"", "", $all);
preg_match("/\"(.[^\"]+)/", $all, $match);
$browser = $match[1];
$all = str_replace("\"$match[1]\"", "", $all);
preg_match("/([0-9]+\b)/", $all, $match);
$bytes = $match[1];
$all = str_replace($match[1], "", $all);
print("<br>IP: $ip<br>Access Time: $access_time<br>Page: $link[0]<br>Type: $link[1]<br>Success Code: $success_code<br>Bytes Transferred: $bytes<br>Referer: $ref <br>Browser: $browser<hr>");
// advance to next record
$i = $i + 2;
$each_rec++;
}
?>
它给了我结果
IP: xxx.xxx.xx.xx
Access Time: 08/May/2018:11:58:19 +0200
Page: /restaurant.ogg
Type: HTTP/1.1
Success Code: 153
Bytes Transferred: 8
Referer: GET /restaurant.ogg HTTP/1.1
Browser: Dalvik/1.6.0 (Linux; U; Android 4.1.2; IdeaTabA1000-F Build/JZO54K)
我对正则表达式没什么经验。如何添加此结果用户名?请帮忙。
答案 0 :(得分:0)
试试这个正则表达式:
https://regex101.com/r/ETKSr3/2
它会像我想的那样一次性解析你的字符串。
$re = '/(\d+\.\d+\.\d+\.\d+)\s-\s([\d\/]+)\s\[(.*?)\]\s\"(.*?)\s\/(.*?)\s(.*?)\"\s(\d+)\s(\d+).*?\"(\w+.*?)\"\s(\d+)/m';
$str = '11.11.111.11 - 5229 [08/May/2018:11:43:38 +0200] "GET /chillout_delicate.ogg HTTP/1.1" 200 36256 "-" "Dalvik/1.6.0 (Linux; U; Android 4.3; GT-I9300 Build/JSS15J)" 0
111.111.11.111 - 2510/14 [08/May/2018:11:43:39 +0200] "GET /pub3.ogg HTTP/1.1" 200 36467 "-" "Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-P5200 Build/KOT49H)" 1';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
// Print the entire match result
var_dump($matches);