Re: please advise help with regex

i have been playing... will this work and wich is more efficient ?

/^([0-3][0-9]\-
#day -----|
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+ #month
|
\-(20)[0-9][0-9]\s+
#year till 2099 |
[0-9][0-9]\:
#hour |= date and time
[0-9][0-9]\:
#miniute |
[0-9][0-9]\:)
#hour -----|
((\.\d{3})?
#milliseconds
(\w\:)
#catagory ----- catagory
(\s+\w\:)
#severity ----- serverity
(\w\s+)
#host ----- host
(s+\d+\.\d+\.\d+\.\d+)
#ip ----- ip
(\#\d+/i)
#port ----- port
(\:\s+\s\w\s\w\:) #view
----- view
(\s+[:alpha:]/) #query
----- query


On 9/28/06, Rob Dixon <rob.dixon@xxxxxxx> wrote:

Gregory Machin wrote:
> Hi
> I need to parse the logs for my named server. i'm having difficulty
getting
> my mind around the regex to break the data up .. i want the break it up
and
> store it in a data base then maniptulate the data from there ...
> | date | time |catagory|severity|client |ip
> |port |view | |query
> |
> 28-Sep-2006 10:10:57.266update: info: client 192.168.1.170#33364: view
> internal: updating zone 'lan.linserv.co.za/IN': adding an RR at '
> greg.lan.linserv.co.za' A"
>
> any ideas ?

Hi Gregory

It looks like your data fields are separated by a colon and a space,
except for
the first three. Is there really nothing at all between the milliseconds
and the
'category' field?

Anyway, assuming the data I have is correct (it's difficult to tell with
the
wrapping that the various email systems apply) the code below should do
what you
want. It works by splitting on, as I said, colon and whitespace, and then
pulling off the first field and splitting it again into three based on the
contents of these fields' data. You also seem to want the client field
split
into 'client', IP address and port number, so I've pulled that field out
and
split it up as well.

Hope it helps,

Rob



use strict;
use warnings;

while (<DATA>) {

chomp;

my @data = split /:\s+/;

my $prefix = $data[0];
splice @data, 0, 1, $prefix =~ /(\S+)\s+([0-9:.]+)(.+)/;

my $client = $data[-4];
splice @data, -4, 1, $client =~ /[^\s#]+/g;

print "$_\n" foreach @data;
}

__DATA__
28-Sep-2006 10:10:57.266update: info: client 192.168.1.170#33364: view
internal:
updating zone 'lan.linserv.co.za/IN': adding an RR at '
greg.lan.linserv.co.za' A"

**OUTPUT**

28-Sep-2006
10:10:57.266
update
info
client
192.168.1.170
33364
view internal
updating zone 'lan.linserv.co.za/IN'
adding an RR at 'greg.lan.linserv.co.za' A"

--
To unsubscribe, e-mail: beginners-unsubscribe@xxxxxxxx
For additional commands, e-mail: beginners-help@xxxxxxxx
<http://learn.perl.org/> <http://learn.perl.org/first-response>





--
Gregory Machin
gregory.machin@xxxxxxxxx
www.linuxpro.co.za

Relevant Pages

  • Re: please advise help with regex
    ... It works by splitting on, as I said, colon and whitespace, and then ... You also seem to want the client field split ... updating zone 'lan.linserv.co.za/IN': adding an RR at 'greg.lan.linserv.co.za' A" ...
    (perl.beginners)
  • Re: Threads, conditions, sockets, selects...
    ... need to send a 'U' 9 milliseconds later. ... client sends 'L' and blocks meaning the server upon availability of new ... client does some heavy duty CPU burning work on the data ...
    (comp.unix.programmer)
  • Re: Competition for OraPerf
    ... "Your average wait time for SQL*Net message from client events is 241 ... investigate consolidating your Oracle requests into larger TNS ... an average of 241 milliseconds for ... "You have excessive buffer busy waits with 3.1 per transaction. ...
    (comp.databases.oracle.server)
  • Re: please advise help with regex
    ... Gregory Machin top posts: ... internal: updating zone 'lan.linserv.co.za/IN': adding an RR at ' ...
    (perl.beginners)