donglengli0644 2015-03-06 21:56
浏览 54
已采纳

php从文件中找到字符串,以xxx字开头,直到字yyy

It's a log file contained lines like this

...
Mar  1 03:34:24 domain sshd[19178]: Failed password for root from 222.186.55.230 port 3005 ssh2
...

I would like to put in array every line where user fail and in other array lines where user succeed Lines started with xxx=Failed or succeed till yyy=ssh2 so then I could get ip from both array with:

preg_match_all("/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/", $securelogfile, $matches);

and get the difference ip in a new array. I'm terrible at regex what I was trying is just wasting my time.

  • 写回答

1条回答 默认 最新

  • dongpin6941 2015-03-09 12:51
    关注

    Answering my question as @ThomasKilian did . I use for failed:

     preg_match_all("/^(\b(Failed)\b\s+)(\w+ +){4}((\d+\.){3}\d+)( +\w+){3}/", $securelogfile, $matches);

    for Failed log lines and: 

     preg_match_all("/^(\b(Success)\b\s+)(\w+ +){4}((\d+\.){3}\d+)( +\w+){3}/", $securelogfile, $matches);

    Keep in mind that first {4} indicate 4 words counting after "Failed or Succeed"

    That give arrays where I should I should get clean IPs and then get the difference.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 为什么eprime输出的数据会有缺失?
  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?
  • ¥15 错误 LNK2001 无法解析的外部符号
  • ¥50 安装pyaudiokits失败
  • ¥15 计组这些题应该咋做呀
  • ¥60 更换迈创SOL6M4AE卡的时候,驱动要重新装才能使用,怎么解决?
  • ¥15 让node服务器有自动加载文件的功能
  • ¥15 jmeter脚本回放有的是对的有的是错的
  • ¥15 r语言蛋白组学相关问题