
对syslog日志进行解析

发布时间:2020-12-15 21:09:21 所属栏目:大数据 来源:网络整理


#!Perl

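# Split one syslog record into fields and return them newline-joined.
#
# The patterns below expect, in order: a 1-2 digit facility at the start of
# the line, a single-digit severity between spaces, a dotted IPv4 address,
# a timestamp (delegated to parse_time), then optionally a program name
# followed by a bracketed or colon-delimited PID, an event id, a user and a
# category, each introduced by ": ". Illustrative input (constructed):
#   "4 6 192.0.2.10 Dec 15 21:09:21 sshd[1234]: 17: root: auth: text"
#
# Side effects: prints a comma-separated copy of the fields to STDOUT.
# Returns: "facility-name\nseverity\nip\ntime\nprog\npid\nevtid\nuser\ncategory\ncontent".
# Dies when the argument is undefined or empty.
#
# Every field is attacker-influenced text (anything that can emit a syslog
# record controls it). Nothing here escapes commas or newlines, so a record
# containing either can shift field boundaries in both the printed line and
# the returned string; consumers should validate field count and content.
#
# The listing as published had lost its backslashes and parts of several
# substr()/index() calls; the patterns below are restored with explicit
# captures so a failed match can no longer reuse a stale $& from an earlier
# match. The empty prototype was dropped because the sub reads @_.
sub handle_syslog {
    my ($arg) = @_;

    die "the argument of syslog is empty" if !defined $arg || $arg eq "";

    my @facilities = (
        "kernel messages", "user-level messages", "mail system",
        "system daemons", "security/authorization messages (note 1)",
        "messages generated internally by syslogd", "line printer subsystem",
        "network news subsystem", "UUCP subsystem", "clock daemon (note 2)",
        "FTP daemon", "NTP subsystem", "log audit (note 1)",
        "log alert (note 1)", "local use 0  (local0)", "local use 1  (local1)",
        "local use 2  (local2)", "local use 3  (local3)",
        "local use 4  (local4)", "local use 5  (local5)",
        "local use 6  (local6)", "local use 7  (local7)",
    );

    my ($facility) = $arg =~ /^(\d{1,2})/;
    my ($severity) = $arg =~ / (\d) /;
    $severity = '' unless defined $severity;

    # Bounds-check the index: the facility number comes from the record, and
    # a value past the table must not produce an undefined element.
    my $facility_name = '';
    if (defined $facility && $facility <= $#facilities) {
        $facility_name = $facilities[$facility];
    }

    # Strict dotted quad; no octet range check, matching the original scope.
    my $ip = '';
    if ($arg =~ /\b(\d{1,3}(?:\.\d{1,3}){3})\b/) {
        $ip = $1;
        my $next = $+[0] + 1;    # also skip the separator after the address
        $arg = $next < length($arg) ? substr($arg, $next) : '';
    }

    # The & call form ignores any prototype declared on parse_time.
    my ($tm, $rest) = &parse_time($arg);
    $arg = defined $rest ? $rest : '';

    # Program name: letters, spaces and slashes directly before "[pid]" or
    # ":pid:". Names of 64 characters or more are discarded.
    my $prog = '';
    if ($arg =~ m{([A-Z a-z/]+)[\[:][ \d]+\b[\]:]}) {
        my ($name, $name_end) = ($1, $+[1]);
        if (length($name) < 64) {
            $prog = $name;
            $arg  = substr($arg, $name_end);
        }
    }

    # PID: first digit run inside the delimiters, capped at six digits and
    # rejected (left as 0) above 65536. The published substr($&,6) would have
    # dropped the first six digits; a six-digit cap is presumably what was
    # meant.
    my $pid = 0;
    if ($prog ne '' && $arg =~ /[\[:]([ \d]+)\b[\]:]/) {
        my ($field, $field_start) = ($1, $-[1]);
        if ($field =~ /(\d+)/) {
            my $digits_start = $field_start + $-[1];
            my $digits       = substr($1, 0, 6);
            if ($digits <= 65536) {
                $pid = $digits;
                $arg = substr($arg, $digits_start + length($digits));
            }
        }
    }

    # Event id: same cap and range rule as the PID.
    my $evtid = 0;
    if ($prog ne '' && $arg =~ /: (\d+)\b:/) {
        my $digits_start = $-[1];
        my $digits       = substr($1, 0, 6);
        if ($digits <= 65536) {
            $evtid = $digits;
            $arg   = substr($arg, $digits_start + length($digits));
        }
    }

    # User: one word, or two words where the second has at least two letters.
    # The captured text keeps the space that follows the colon, as the
    # listing's [^:]+ extraction did.
    # NOTE(review): the published alternation repeats [a-z]+[a-z]+, which may
    # be what is left of a pattern with a separator character - confirm
    # against the original script.
    my $user = 0;
    if ($arg =~ /:( [a-z]+(?: [a-z]{2,})?):/i) {
        my ($name, $name_end) = ($1, $+[1]);
        if (length($name) < 64) {
            $user = $name;
            $arg  = substr($arg, $name_end);
        }
        else {
            $user = "";
        }
    }

    # Category: text up to the first colon inside a ": ...:" span, again with
    # its leading space. Longer than 64 characters means no category.
    my $category = '';
    if ($arg =~ /:( .+)\b:/) {
        my ($span, $span_start) = ($1, $-[1]);
        my ($label) = $span =~ /^([^:]+)/;
        if (length($label) <= 64) {
            $category = $label;
            my $next = $span_start + length($label) + 2;    # skip ": "
            $arg = $next < length($arg) ? substr($arg, $next) : '';
        }
    }

    # Bound the free-text part by keeping its head. The published
    # substr($content,1023) kept everything after offset 1023 instead, which
    # neither limits the size nor keeps the start of the message.
    my $content = $arg;
    $content = substr($content, 0, 1023) if length($content) > 1024;

    print "$facility_name,$severity,$ip,$tm,$prog,$pid,$evtid,$user,$category,$content\n";

    # Quote doubling is kept because callers may depend on it, but it is not
    # a safe way to build SQL: only $content is treated, while $prog, $user
    # and $category come from the same record. Bind every field through
    # placeholders in the statement that stores this data.
    $content =~ s/'/''/g;

    my $ret = join "\n",
        $facility_name, $severity, $ip, $tm, $prog,
        $pid, $evtid, $user, $category, $content;

    # NOTE(review): $dbh and $sth are not declared in this sub; they are
    # cleared here exactly as in the listing in case callers rely on it -
    # confirm, and move handle cleanup to the code that owns them.
    undef $dbh;
    undef $sth;

    return $ret;
}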

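# Extract a leading timestamp from a syslog remainder.
#
# Recognised layouts, tried in this order:
#   "Mon D HH:MM[:SS]"        - no year in the text, the current year is used
#   "Mon D YYYY HH:MM[:SS]"
#   "YYYY-M-D HH:MM[:SS]"
#
# Returns a two-element list: the timestamp as "year-month-day time" (parts
# are copied as written, without zero padding) and the text that follows the
# timestamp plus one separator character. Text in front of the timestamp is
# dropped. When nothing matches, the current local date and time are
# returned together with the unchanged input.
#
# Caveats for anyone building timelines from the result: a year-less
# timestamp handled after a year change is stamped with the wrong year, a
# record without a timestamp is indistinguishable from one that carried the
# processing time, and no time zone is recorded.
#
# The published listing had lost its backslashes and part of the second
# branch; the patterns are restored with captures, the month is looked up in
# a hash instead of being interpolated into a regex, and the scratch
# variables are lexical. The empty prototype was dropped because the sub
# reads @_.
sub parse_time {
    my ($arg) = @_;
    $arg = '' unless defined $arg;

    my %month_number = (
        Jan => 1, Feb => 2,  Mar => 3,  Apr => 4,
        May => 5, Jun => 6,  Jul => 7,  Aug => 8,
        Sep => 9, Oct => 10, Nov => 11, Dec => 12,
    );

    # Defaults come from the local clock and are overwritten field by field.
    my ($sec, $min, $hour, $day, $mon, $year) = localtime();
    $year += 1900;
    $mon  += 1;
    my $tm = "$hour:$min:$sec";

    my $clock = qr/\d{1,2}(?::\d{2}){1,2}/;
    my $matched_end;

    if ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) ($clock)/) {
        $matched_end = $+[0];
        ($day, $tm) = ($2, $3);
        # An unknown abbreviation leaves the current month in place.
        $mon = $month_number{$1} if exists $month_number{$1};
    }
    elsif ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) +(\d{2,4}) ($clock)/) {
        $matched_end = $+[0];
        ($day, $year, $tm) = ($2, $3, $4);
        $mon = $month_number{$1} if exists $month_number{$1};
    }
    elsif ($arg =~ /\b(\d{2,4})-(\d{1,2})-(\d{1,2}) +($clock)/) {
        $matched_end = $+[0];
        ($year, $mon, $day, $tm) = ($1, $2, $3, $4);
    }

    if (defined $matched_end) {
        my $next = $matched_end + 1;    # skip the separator after the time
        $arg = $next < length($arg) ? substr($arg, $next) : '';
    }

    # Returned as an array so the value seen in scalar context stays the
    # element count, as with the original "return @tmp".
    my @parsed = ("$year-$mon-$day $tm", $arg);
    return @parsed;
}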
