Fatal编程技术网
  • regex/
  • Regex 需要一个正则表达式来解析Apache文件

Regex 需要一个正则表达式来解析Apache文件

regex apache

Regex 需要一个正则表达式来解析Apache文件,regex,apache,Regex,Apache,我需要一个正则表达式来解析Apache文件 For example: Here is a portion of a /var/log/httpd/error_log [Sun Sep 02 03:34:01 2012] [notice] Digest: done [Sun Sep 02 03:34:01 2012] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0- fips SVN/1.6.11 conf

我需要一个正则表达式来解析Apache文件

   For example:
 Here is a portion of a /var/log/httpd/error_log

[Sun Sep 02 03:34:01 2012] [notice] Digest: done
[Sun Sep 02 03:34:01 2012] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0- fips SVN/1.6.11 configured -- resuming normal operations
[Sun Sep 02 03:34:01 2012] [error] avahi_entry_group_add_service_strlst("localhost") failed: Invalid host name
[Sun Sep 02 08:01:14 2012] [error] [client 216.244.73.194] File does not exist: /var/www/html/manager
[Sun Sep 02 11:04:35 2012] [error] [client 58.218.199.250] File does not exist: /var/www/html/proxy
我想要一个包含空格作为分隔符并排除嵌入空格的正则表达式。apache错误日志格式在

[DAY MMM DD HH:MM:SS YYYY] [MSG_TYPE] DESCRIPTOR: MESSAGE

[DAY MMM DD HH:MM:SS YYYY] [MSG_TYPE] [SOURCE IP] ERROR: DETAIL
我创建了两个正则表达式,第一个是

^(\[[\w:\s]+\]) (\[[\w]+\]) (\[[\w\d.\s]+\])?([\w\s/.(")-]+[\-:]) ([\w/\s]+)$
这是一个简单的,只是匹配的内容,因为它是

我想要一些类似于我创建的以下正则表达式的东西

      (?<=|\s)([\w:\S]+)
我同意应该使用现有的解析Apache日志的解决方案来完成这项任务

然而,如果你想尝试一些训练目的的东西,也许你想从这个开始。我不是在一个巨大的正则表达式中解析所有内容,而是在可读性更好的小步骤中进行解析:

代码
请注意,根据您的格式说明,第二行无效,程序将忽略它。

您正在重新设计控制盘。尝试用谷歌搜索“Apache log analyzer”来找到很多工具来完成这项工作。是的,我同意,但我正在为同样的目的创建一个程序,我不能使用外部工具:(根据您的格式描述,第二个日志行无效,对吧?它可以是“:”或任何其他字符作为描述符,无论如何,感谢您的代码。:)嗯,作为分隔符的任何其他字符都可能有点难以与相关单词区分。然而,代码应该是一个很好的开始,也许你可以向我们展示你正在使用的实际解决方案。如果我的回答有帮助,你可能还想投票是的,这确实很有帮助,我的代码是用JavaN编写的,我现在已经在我的问题中添加了它。无论如何,谢谢你的时间和回复。我投票赞成:)哦,我明白了,Java中的正则表达式没有那么有趣D 
void regexparser( CharBuffer cb)
{ try{
    Pattern linePattern = Pattern.compile(".*\r?\n");
    Pattern csvpat = Pattern.compile( "^\\[([\\w:\\s]+)\\] \\[([\\w]+)\\] (\\[([\\w\\d.\\s]+)\\])?([\\w\\s/.(\")-]+[\\-:]) ([\\w/\\s].+)",Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE | Pattern.MULTILINE);
    Matcher lm = linePattern.matcher(cb);
    Matcher pm = null;

    while(lm.find())
    {   //System.out.print("1st loop");
        CharSequence cs = lm.group();

        if (pm==null)
            pm = csvpat.matcher(cs);
            else
                pm.reset(cs);
        while(pm.find())
        {  // System.out.println("2nd loop");
                //System.out.println(pm.groupCount());
                //CharSequence ps = pm.group();
                //System.out.print(ps);
            if(pm.group(4)==null)
                System.out.println(pm.group(1)+" "+pm.group(2)+" "+pm.group(5)+" "+pm.group(6));
            else
                System.out.println(pm.group(1)+" "+pm.group(2)+" "+pm.group(4)+" "+pm.group(5)+" "+pm.group(6));

#!/usr/bin/env perl

use strict;
use warnings;
use DateTime::Format::Strptime;
use feature 'say';

# iterate log lines
while (defined(my $line = <DATA>)) {
    chomp $line;

    # prepare
    my %data;
    my $strp = DateTime::Format::Strptime->new(
        pattern => '%a %b %d %H:%M:%S %Y',
    );

    # consume date/time
    next unless $line =~ s/^\[(\w+ \w+ \d+ \d\d:\d\d:\d\d \d{4})\] //;
    $data{date} = $strp->parse_datetime($1);

    # consume message type
    next unless $line =~ s/^\[(\w+)\] //;
    $data{type} = $1;

    # "[source ip]" alternative
    if ($line =~ s/^\[(\w+) ([\d\.]+)\] //) {
        @data{qw(source ip)} = ($1, $2);

        # consume "error: detail"
        next unless $line =~ s/([^:]+): (.*)//;
        @data{qw(error detail)} = ($1, $2);
    }

    # "descriptor: message" alternative
    elsif ($line =~ s/^([^:]+): (.*)//) {
        @data{qw(descriptor message)} = ($1, $2);
    }

    # invalid
    else {
        next;
    }

    # something left: invalid
    next if length $line;

    # parsed ok: output
    say "$_: $data{$_}" for keys %data;
    say '-' x 40;
}

__DATA__
[Sun Sep 02 03:34:01 2012] [notice] Digest: done
[Sun Sep 02 03:34:01 2012] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0- fips SVN/1.6.11 configured -- resuming normal operations
[Sun Sep 02 03:34:01 2012] [error] avahi_entry_group_add_service_strlst("localhost") failed: Invalid host name
[Sun Sep 02 08:01:14 2012] [error] [client 216.244.73.194] File does not exist: /var/www/html/manager
[Sun Sep 02 11:04:35 2012] [error] [client 58.218.199.250] File does not exist: /var/www/html/proxy

descriptor: Digest
date: 2012-09-02T03:34:01
type: notice
message: done
----------------------------------------
descriptor: avahi_entry_group_add_service_strlst("localhost") failed
date: 2012-09-02T03:34:01
type: error
message: Invalid host name
----------------------------------------
detail: /var/www/html/manager
source: client
ip: 216.244.73.194
date: 2012-09-02T08:01:14
error: File does not exist
type: error
----------------------------------------
detail: /var/www/html/proxy
source: client
ip: 58.218.199.250
date: 2012-09-02T11:04:35
error: File does not exist
type: error
----------------------------------------