I'm absolutely terrible at regex; can anyone help me solve the expression I need in order to separate two values I need from a log file?
Log file example.
1/28/2013 8:43:22 PM Removed {178.76.234.41}
1/28/2013 8:43:22 PM Removed {78.105.26.0}
1/28/2013 8:43:22 PM Removed {24.165.198.12}
1/28/2013 8:43:23 PM Added {178.76.234.41}
1/28/2013 8:43:23 PM Added {69.246.227.43}
With my current code I am able to separate the IP address, however I now need both the state (added/removed) and the IP address. Here is my current code.
preg_match_all("/.*{(.*)}.*/", $a, $b);
What do I need to replace "/.{(.)}.*/" with in order to grab both the state and the IP address to store into the array?
If those are the only two words you need to include, have you tried something like this?
preg_match_all("~(Removed|Added)\s+{(.*)}~i", $a, $b);
So in total:
$a = '1/28/2013 8:43:22 PM Removed {178.76.234.41}
1/28/2013 8:43:22 PM Removed {78.105.26.0}
1/28/2013 8:43:22 PM Removed {24.165.198.12}
1/28/2013 8:43:23 PM Added {178.76.234.41}
1/28/2013 8:43:23 PM Added {69.246.227.43}';
preg_match_all("~(Removed|Added)\s+{(.*)}~i", $a, $b);
print_r($b);
And resulting in this:
Array ( [0] => Array ( [0] => Removed {178.76.234.41} [1] => Removed {78.105.26.0} [2] => Removed {24.165.198.12} [3] => Added {178.76.234.41} [4] => Added {69.246.227.43} ) [1] => Array ( [0] => Removed [1] => Removed [2] => Removed [3] => Added [4] => Added ) [2] => Array ( [0] => 178.76.234.41 [1] => 78.105.26.0 [2] => 24.165.198.12 [3] => 178.76.234.41 [4] => 69.246.227.43 ) )
I think this works for you;
$s = '1/28/2013 8:43:22 PM Removed {178.76.234.41}
1/28/2013 8:43:22 PM Removed {78.105.26.0}
1/28/2013 8:43:22 PM Removed {24.165.198.12}
1/28/2013 8:43:23 PM Added {178.76.234.41}
1/28/2013 8:43:23 PM Added {69.246.227.43}';
preg_match_all('~(?P<TIME>.*PM)\s+(?P<STATE>Added|Removed)\s+{(?P<IP>.*)}~i', $s, $m, PREG_SET_ORDER);
print_r($m);
// or
foreach ($m as $log) {
printf("Time: %s, State: %s, Ip: %s
", $log['TIME'], $log['STATE'], $log['IP']);
// Time: 1/28/2013 8:43:22 PM, State: Removed, Ip: 178.76.234.41 ...
}
Out;
Array
(
[0] => Array
(
[0] => 1/28/2013 8:43:22 PM Removed {178.76.234.41}
[TIME] => 1/28/2013 8:43:22 PM
[1] => 1/28/2013 8:43:22 PM
[STATE] => Removed
[2] => Removed
[IP] => 178.76.234.41
[3] => 178.76.234.41
)
[1] => Array
(
[0] => 1/28/2013 8:43:22 PM Removed {78.105.26.0}
[TIME] => 1/28/2013 8:43:22 PM
[1] => 1/28/2013 8:43:22 PM
[STATE] => Removed
[2] => Removed
[IP] => 78.105.26.0
[3] => 78.105.26.0
)
...
You don't actually need a regular expression to match this. You can split it on whitespace using preg_split() and \s+ as your delimiter, and then strip off the braces {} from the IP address with a simple function like trim().
$output = array();
// While reading line by line...
$parts = preg_split('/\s+/', $line);
$output[] = array(
'state' => $parts[3],
'ip' => trim($parts[4], '{}')
);