2

我对正则表达式非常糟糕;谁能帮我解决我需要的表达式,以便从日志文件中分离出我需要的两个值?

日志文件示例。

1/28/2013 8:43:22 PM Removed        {178.76.234.41}
1/28/2013 8:43:22 PM Removed        {78.105.26.0}
1/28/2013 8:43:22 PM Removed        {24.165.198.12}
1/28/2013 8:43:23 PM Added          {178.76.234.41}
1/28/2013 8:43:23 PM Added          {69.246.227.43}

使用我当前的代码,我可以分离 IP 地址,但是我现在需要状态(添加/删除)和 IP 地址。这是我当前的代码。

preg_match_all("/.*{(.*)}.*/", $a, $b);

我需要用什么替换“/.{(.)}.*/ 才能获取状态和 IP 地址以存储到数组中?

4

3 回答 3

3

您实际上不需要正则表达式来匹配它。preg_split()您可以使用和作为分隔符将其拆分为空格\s+,然后{}使用简单的函数(如trim().

$output = array();

// While reading line by line...
$parts = preg_split('/\s+/', $line);
$output[] = array(
  'state' => $parts[3],
  'ip' => trim($parts[4], '{}')
);

http://codepad.viper-7.com/fD8kgQ

于 2013-01-29T03:04:58.310 回答
1

如果这些是您需要包含的唯一两个词,您是否尝试过这样的事情?

preg_match_all("~(Removed|Added)\s+{(.*)}~i", $a, $b);

所以总的来说:

$a = '1/28/2013 8:43:22 PM Removed        {178.76.234.41}
      1/28/2013 8:43:22 PM Removed        {78.105.26.0}
      1/28/2013 8:43:22 PM Removed        {24.165.198.12}
      1/28/2013 8:43:23 PM Added          {178.76.234.41}
      1/28/2013 8:43:23 PM Added          {69.246.227.43}';
preg_match_all("~(Removed|Added)\s+{(.*)}~i", $a, $b);
print_r($b);

结果是:

Array ( [0] => Array ( [0] => Removed {178.76.234.41} [1] => Removed {78.105.26.0} [2] => Removed {24.165.198.12} [3] => Added {178.76.234.41} [4] => Added {69.246.227.43} ) [1] => Array ( [0] => Removed [1] => Removed [2] => Removed [3] => Added [4] => Added ) [2] => Array ( [0] => 178.76.234.41 [1] => 78.105.26.0 [2] => 24.165.198.12 [3] => 178.76.234.41 [4] => 69.246.227.43 ) )
于 2013-01-29T03:04:19.197 回答
1

我认为这对你有用;

$s = '1/28/2013 8:43:22 PM Removed        {178.76.234.41}
      1/28/2013 8:43:22 PM Removed        {78.105.26.0}
      1/28/2013 8:43:22 PM Removed        {24.165.198.12}
      1/28/2013 8:43:23 PM Added          {178.76.234.41}
      1/28/2013 8:43:23 PM Added          {69.246.227.43}';
preg_match_all('~(?P<TIME>.*PM)\s+(?P<STATE>Added|Removed)\s+{(?P<IP>.*)}~i', $s, $m, PREG_SET_ORDER);
print_r($m);
// or 
foreach ($m as $log) {
    printf("Time: %s, State: %s, Ip: %s\n", $log['TIME'], $log['STATE'], $log['IP']);
    // Time: 1/28/2013 8:43:22 PM, State: Removed, Ip: 178.76.234.41 ...
}

出去;

大批
(
    [0] => 数组
        (
            [0] => 2013 年 1 月 28 日晚上 8:43:22 已删除 {178.76.234.41}
            [时间] => 2013 年 1 月 28 日晚上 8:43:22
            [1] => 2013 年 1 月 28 日晚上 8 点 43 分 22 秒
            [状态] => 已删除
            [2] => 已移除
            [IP] => 178.76.234.41
            [3] => 178.76.234.41
        )

    [1] => 数组
        (
            [0] => 2013 年 1 月 28 日晚上 8:43:22 删除 {78.105.26.0}
            [时间] => 2013 年 1 月 28 日晚上 8:43:22
            [1] => 2013 年 1 月 28 日晚上 8 点 43 分 22 秒
            [状态] => 已删除
            [2] => 已移除
            [IP] => 78.105.26.0
            [3] => 78.105.26.0
        )
    ...
于 2013-01-29T03:32:00.180 回答