错误条目如下:
2011/06/10 13:30:10 [error] 23263#0: *1 directory index of "/var/www/ssl/" is forbidden, client: 86.186.86.232, server: hotelpublisher.com, request: "GET / HTTP/1.1", host: "hotelpublisher.com"
我需要解析:
date/time
error type
error message
client
server
request
host
使用substr可以轻松获得第一位(解析日期)。虽然我REGEX不太好,但我希望能听到更好的解决方案。我想,简单地按,进行爆炸也不会有效,因为错误也可能包含逗号。
最有效的方法是什么?
答案 0 :(得分:3)
怎么样:
$str = '2011/06/10 13:30:10 [error] 23263#0: *1 directory index of "/var/www/ssl/" is forbidden, client: 86.186.86.232, server: hotelpublisher.com, request: "GET / HTTP/1.1", host: "hotelpublisher.com"';
preg_match('~^(?P<datetime>[\d+/ :]+) \[(?P<errortype>.+)\] .*?: (?P<errormessage>.+), client: (?P<client>.+), server: (?P<server>.+), request: (?P<request>.+), host: (?P<host>.+)$~', $str, $matches);
print_r($matches);
<强>输出:
Array
(
[0] => 2011/06/10 13:30:10 [error] 23263#0: *1 directory index of "/var/www/ssl/" is forbidden, client: 86.186.86.232, server: hotelpublisher.com, request: "GET / HTTP/1.1", host: "hotelpublisher.com"
[datetime] => 2011/06/10 13:30:10
[1] => 2011/06/10 13:30:10
[errortype] => error
[2] => error
[errormessage] => *1 directory index of "/var/www/ssl/" is forbidden
[3] => *1 directory index of "/var/www/ssl/" is forbidden
[client] => 86.186.86.232
[4] => 86.186.86.232
[server] => hotelpublisher.com
[5] => hotelpublisher.com
[request] => "GET / HTTP/1.1"
[6] => "GET / HTTP/1.1"
[host] => "hotelpublisher.com"
[7] => "hotelpublisher.com"
)
答案 1 :(得分:2)
这就是我做到的。
$error = array();
$error['date'] = strtotime(substr($line, 0, 19));
$line = substr($line, 20);
$error_str = explode(': ', strstr($line, ', client:', TRUE), 2);
$error['message'] = $error_str[1];
preg_match("|\[([a-z]+)\] (\d+)#(\d+)|", $error_str[0], $matches);
$error['error_type'] = $matches[1];
$args_str = explode(', ', substr(strstr($line, ', client:'), 2));
$args = array();
foreach($args_str as $a)
{
$name_value = explode(': ', $a, 2);
$args[$name_value[0]] = trim($name_value[1], '"');
}
$error = array_merge($error, $args);
die(var_dump( $error ));
将产生:
array(7) {
["date"]=>
int(1307709010)
["message"]=>
string(50) "*1 directory index of "/var/www/ssl/" is forbidden"
["error_type"]=>
string(5) "error"
["client"]=>
string(13) "86.186.86.232"
["server"]=>
string(18) "hotelpublisher.com"
["request"]=>
string(14) "GET / HTTP/1.1"
["host"]=>
string(18) "hotelpublisher.com"
}
只想看一些投票,知道哪个是关于性能/可靠性的首选方案。
答案 2 :(得分:2)
试试这段代码:
$str = '2011/06/10 13:30:10 [error] 23263#0: *1 directory index of "/var/www/ssl/" is forbidden, client: 86.186.86.232, server: hotelpublisher.com, request: "GET / HTTP/1.1", host: "hotelpublisher.com"';
preg_match('~^(\d{4}/\d{2}/\d{2}\s\d{2}:\d{2}:\d{2})\s\[([^]]*)\]\s[^:]*:\s(.*?)\sclient:\s([^,]*),\sserver:\s([^,]*),\srequest:\s"([^"]*)",\shost:\s"([^"]*)"~', $str, $m );
list($line, $dateTime, $type, $msg, $client, $server, $request, $host ) = $m;
var_dump($dateTime);
var_dump($type);
var_dump($msg);
var_dump($client);
var_dump($server);
var_dump($request);
var_dump($host);
string(19) "2011/06/10 13:30:10"
string(5) "error"
string(60) "*1 directory index of "/var/www/ssl/" is forbidden,"
string(13) "86.186.86.232"
string(18) "hotelpublisher.com"
string(14) "GET / HTTP/1.1"
string(18) "hotelpublisher.com"
答案 3 :(得分:1)
如果您无权格式化日志文件,则会执行以下操作:
$regex = '~(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}) \[(\w+)\] (.*?) client: (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}), server: (.*?), request: "(.*?)", host: "(.*?)"~';
preg_match($regex, $line, $matches);
list($all,$date,$time,$type,$message,$client,$server,$request,$host) = $matches;
如果您做有权访问日志的格式,请将邮件放在最后而不是中间,然后您可以执行以下操作:
$log_arr = explode(', ', $line, 7);
list($date,$time,$type,$client,$server,$request,$host,$message) = $matches;
秘密是explode采用可选的第三个参数,限制要拆分的元素数量。因此,通过将其设置为8,该行的其余部分将存储为返回数组中的最后一个元素。 See the manual了解有关此内容的更多信息。
答案 4 :(得分:0)
请检查Nginx Error Log Reader;用于Nginx错误日志文件的php阅读器/解析器。该脚本能够递归读取错误日志并将其显示在用户友好的表中。脚本配置包括每页要读取的字节数,并允许通过错误日志进行分页。