对syslog日志进行解析
发布时间:2020-12-15 21:09:21 所属栏目:大数据 来源:网络整理
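#!Perl
use strict;
use warnings;

# Syslog line parser: handle_syslog() splits one received line into fields,
# parse_time() extracts the timestamp.
#
# The published listing had lost its regex/string escapes (\d, \b, \[, \n,
# ...), some index() calls and part of one branch of parse_time(); they are
# restored here. Places where the original text could not be read are marked
# NOTE(review).
#
# Every field produced here comes from text chosen by the sender of the
# message. Treat the facility, IP, timestamp, program and user values as
# claims made by that sender, not as verified facts.

# Return the part of $text starting at $offset, or '' when $offset is at or
# past the end (plain substr() would warn and return undef there).
sub _syslog_tail {
    my ($text, $offset) = @_;
    return '' if $offset >= length $text;
    return substr($text, $offset);
}

# Pull a numeric id (pid / event id) out of $arg.
# $pattern must capture, in group 1, the text that contains the digits.
# Returns (id, remaining text). The id is limited to six digits; a value
# above 65536 is reported as 0 and the text is left untouched, as in the
# original listing.
sub _syslog_take_id {
    my ($arg, $pattern) = @_;

    return (0, $arg) unless $arg =~ $pattern;
    my ($field, $field_start) = ($1, $-[1]);

    return (0, $arg) unless $field =~ /(\d+)/;
    my $digits_start = $field_start + $-[1];
    my $id           = substr($1, 0, 6);

    # NOTE(review): process ids above 65536 exist on current systems and
    # are flattened to 0 by this limit; confirm what the consumer expects.
    return (0, $arg) if $id > 65536;

    return ($id, _syslog_tail($arg, $digits_start + length $id));
}

# Parse one syslog line of the form
#   "<facility> <severity> <ip> <timestamp> <prog>[pid]: <evtid>: <user>: <category>: <content>"
# (every part after the timestamp is optional).
#
# Prints the fields as one comma-separated line on STDOUT and returns them
# joined with "\n", in this order: facility name, severity code, ip,
# timestamp, program, pid, event id, user, category, content.
# Dies when the argument is undefined or empty.
#
# The user and category values keep the single leading space that follows
# the ':' separator, as the original extraction did.
sub handle_syslog {
    my ($arg) = @_;

    die "the argument of syslog is empty" if !defined $arg || $arg eq "";

    my @facility_names = (
        "kernel messages",
        "user-level messages",
        "mail system",
        "system daemons",
        "security/authorization messages (note 1)",
        "messages generated internally by syslogd",
        "line printer subsystem",
        "network news subsystem",
        "UUCP subsystem",
        "clock daemon (note 2)",
        "FTP daemon",
        "NTP subsystem",
        "log audit (note 1)",
        "log alert (note 1)",
        "local use 0 (local0)",
        "local use 1 (local1)",
        "local use 2 (local2)",
        "local use 3 (local3)",
        "local use 4 (local4)",
        "local use 5 (local5)",
        "local use 6 (local6)",
        "local use 7 (local7)",
    );

    # The original read $& after each match without checking that the match
    # succeeded, so a malformed line inherited values from an earlier match.
    # Captures with explicit defaults avoid that.
    my $facility_name = '';
    if ($arg =~ /^(\d{1,2})/ && $1 < @facility_names) {
        $facility_name = $facility_names[$1];
    }

    # Severity is reported as its numeric code (0-7), not as a name.
    my $severity = $arg =~ / (\d) / ? $1 : '';

    # Dotted quad; octets are not range-checked. The address is read from
    # the message text, so it is whatever the sender wrote there.
    my $ip = '';
    if ($arg =~ /\b((?:\d{1,3}\.){3}\d{1,3})\b/) {
        $ip  = $1;
        $arg = _syslog_tail($arg, $+[1] + 1);
    }

    my ($tm, $rest) = parse_time($arg);
    $arg = $rest;

    # Program name: letters, spaces and '/' in front of "[pid]" or ":pid:".
    my $prog = '';
    if ($arg =~ m{([A-Za-z /]+)[:\[][ \d]+\b[:\]]}) {
        my ($name, $name_end) = ($1, $+[1]);
        if (length($name) < 64) {
            $prog = $name;
            $arg  = _syslog_tail($arg, $name_end);
        }
    }

    my $pid   = 0;
    my $evtid = 0;
    if ($prog ne '') {
        ($pid,   $arg) = _syslog_take_id($arg, qr/[:\[]([ \d]+)\b[:\]]/);
        ($evtid, $arg) = _syslog_take_id($arg, qr/: (\d+)\b:/);
    }

    # User: "name", "DOMAIN\name" or "NT AUTHORITY\name".
    # NOTE(review): the separator between the two name parts was missing in
    # the published listing; a backslash is assumed here - confirm.
    my $user = 0;
    if ($arg =~ /:( [a-z]+| [a-z]+\\[a-z]+| [a-z]+ [a-z]+\\[a-z]+):/i) {
        my ($name, $name_start) = ($1, $-[1]);
        if (length($name) < 64) {
            $user = $name;
            $arg  = _syslog_tail($arg, $name_start + length $name);
        }
        else {
            $user = "";
        }
    }

    # Category: the text between the next two colons.
    my $category = '';
    if ($arg =~ /: .+\b:/i) {
        my $segment_start = $-[0] + 1;    # first character after the ':'
        my ($segment) = substr($arg, $segment_start) =~ /^([^:]+)/;
        if (length($segment) <= 64) {
            $category = $segment;
            # +2 skips the ": " that follows the category.
            $arg = _syslog_tail($arg, $segment_start + length($segment) + 2);
        }
    }

    # Keep the head of an oversized message (limits as in the original:
    # anything longer than 1024 characters is cut to 1023).
    my $content = $arg;
    if (length($content) > 1024) {
        $content = substr($content, 0, 1023);
    }

    print join(',', $facility_name, $severity, $ip, $tm, $prog, $pid,
        $evtid, $user, $category, $content), "\n";

    # Doubling single quotes is kept for callers that still build SQL text
    # from the result; it can push the content past the length limit above
    # and is not a replacement for bound parameters. Prefer DBI placeholders
    # (prepare with '?' and pass the fields to execute).
    $content =~ s/'/''/g;

    # Content is the last field and may itself contain newlines; callers
    # should split with a limit, e.g. split(/\n/, $ret, 10).
    # The original also ran "undef $dbh; undef $sth" here; neither variable
    # is declared in this sub, and the parser no longer touches them.
    return join("\n", $facility_name, $severity, $ip, $tm, $prog, $pid,
        $evtid, $user, $category, $content);
}

# Find the first timestamp in $arg and return (timestamp, remaining text).
#
# Recognised forms: "Dec 15 21:09:21", "Dec 15 2020 21:09:21" and
# "2020-12-15 21:09:21". The result is "year-month-day time"; month and day
# are not zero-padded. Parts the message does not supply (the year in the
# first form, everything when no timestamp is found) come from localtime()
# on this host. When no timestamp is found the text is returned unchanged.
#
# NOTE(review): the search is not anchored, so a line without a header
# timestamp but with a date in its body takes that date, and the text before
# it is dropped. Anchor the patterns if the input format allows it.
sub parse_time {
    my ($arg) = @_;

    my %month_number_of = (
        Jan => 1, Feb => 2,  Mar => 3,  Apr => 4,
        May => 5, Jun => 6,  Jul => 7,  Aug => 8,
        Sep => 9, Oct => 10, Nov => 11, Dec => 12,
    );
    my $clock = qr/(?:\d{1,2}:)+\d{2}/;

    my ($sec, $min, $hour, $day, $mon, $year) = localtime();
    $year += 1900;
    $mon  += 1;
    my $tm = "$hour:$min:$sec";

    my $month_name;
    my $match_end;
    if ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) ($clock)/) {
        ($month_name, $day, $tm) = ($1, $2, $3);
        $match_end = $+[0];
    }
    elsif ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) +(\d{2,4}) ($clock)/) {
        # NOTE(review): this branch was truncated in the published listing
        # and is rebuilt by analogy with the other two.
        ($month_name, $day, $year, $tm) = ($1, $2, $3, $4);
        $match_end = $+[0];
    }
    elsif ($arg =~ /\b(\d{2,4})-(\d{1,2})-(\d{1,2}) +($clock)/) {
        ($year, $mon, $day, $tm) = ($1, $2, $3, $4);
        $match_end = $+[0];
    }

    # An unknown month abbreviation keeps the current month, as before.
    if (defined $month_name && exists $month_number_of{$month_name}) {
        $mon = $month_number_of{$month_name};
    }

    # +1 skips the separator after the timestamp.
    $arg = _syslog_tail($arg, $match_end + 1) if defined $match_end;

    return ("$year-$mon-$day $tm", $arg);
}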