are there any PHP scripts for parsing FTP logs 
September 5th, 2008, 02:15 AM
| | | |
I have to parse some FTP logs, which are full of several thousand
lines like this:
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
When a file is uploaded, I need to reconstruct from this log what the
directory path is. Does anyone know if there is a PHP script that
someone has already written that does this?
|
September 5th, 2008, 02:55 AM
| | | | re: are there any PHP scripts for parsing FTP logs
lawrence k wrote: Quote:
I have to parse some FTP logs, which are full of several thousand
lines like this:
| <log snipped> Quote:
When a file is uploaded, I need to reconstruct from this log what the
directory path is. Does anyone know if there is a PHP script that
someone has already written that does this?
| Google might, but it's not too hard to do it yourself:
PHP standard string functions: http://php.net/manual/en/ref.strings.php
PCRE (don't use POSIX regex, it's slower and deprecated): http://php.net/manual/en/regexp.reference.php
--
Curtis |
September 5th, 2008, 07:25 PM
| | | | re: are there any PHP scripts for parsing FTP logs
Curtis wrote: Quote:
lawrence k wrote: Quote:
>I have to parse some FTP logs, which are full of several thousand
>lines like this:
| >
<log snipped>
> Quote:
>When a file is uploaded, I need to reconstruct from this log what the
>directory path is. Does anyone know if there is a PHP script that
>someone has already written that does this?
| >
Google might, but it's not too hard to do it yourself:
>
PHP standard string functions:
http://php.net/manual/en/ref.strings.php
>
PCRE (don't use POSIX regex, it's slower and deprecated):
http://php.net/manual/en/regexp.reference.php |
I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/intake""
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD redeye"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/redeye""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
And give me the correct answer, which is:
/intake/labels/redeye/634457502123
Bonus points for keeping track of the PID and the user, since many users
actions might be intermixed in the logs.
I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
-- lawrence krubner |
September 5th, 2008, 08:25 PM
| | | | re: are there any PHP scripts for parsing FTP logs
Lawrence Krubner wrote: Quote:
Curtis wrote: Quote:
>lawrence k wrote: Quote:
>>I have to parse some FTP logs, which are full of several thousand
>>lines like this:
| >>
><log snipped>
>> Quote:
>>When a file is uploaded, I need to reconstruct from this log what the
>>directory path is. Does anyone know if there is a PHP script that
>>someone has already written that does this?
| >>
>Google might, but it's not too hard to do it yourself:
>>
>PHP standard string functions:
>http://php.net/manual/en/ref.strings.php
>>
>PCRE (don't use POSIX regex, it's slower and deprecated):
>http://php.net/manual/en/regexp.reference.php | >
>
I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:
| Whoops, yes, I misread your post. Quote:
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/intake""
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD redeye"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/redeye""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
>
>
And give me the correct answer, which is:
>
/intake/labels/redeye/634457502123
>
Bonus points for keeping track of the PID and the user, since many users
actions might be intermixed in the logs.
>
I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
| --
Curtis |
September 5th, 2008, 10:15 PM
| | | | re: are there any PHP scripts for parsing FTP logs
Lawrence Krubner wrote: Quote:
Curtis wrote: Quote:
>lawrence k wrote: Quote:
>>I have to parse some FTP logs, which are full of several thousand
>>lines like this:
| >>
><log snipped>
>> Quote:
>>When a file is uploaded, I need to reconstruct from this log what the
>>directory path is. Does anyone know if there is a PHP script that
>>someone has already written that does this?
| >>
>Google might, but it's not too hard to do it yourself:
>>
>PHP standard string functions:
>http://php.net/manual/en/ref.strings.php
>>
>PCRE (don't use POSIX regex, it's slower and deprecated):
>http://php.net/manual/en/regexp.reference.php | >
>
I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:
>
>
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/intake""
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD redeye"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/redeye""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
>
>
And give me the correct answer, which is:
>
/intake/labels/redeye/634457502123
>
Bonus points for keeping track of the PID and the user, since many users
actions might be intermixed in the logs.
>
I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
>
>
-- lawrence krubner
>
>
>
>
>
>
| I don't know of any pre-written scripts like this, but I wouldn't think
it should be that hard.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. jstucklex@attglobal.net
================== |
September 6th, 2008, 01:25 AM
| | | | re: are there any PHP scripts for parsing FTP logs
On Sep 5, 8:19 pm, Lawrence Krubner <lawre...@krubner.comwrote: Quote:
Curtis wrote: Quote:
lawrence k wrote: Quote:
I have to parse some FTP logs, which are full of several thousand
lines like this:
| | >> Quote: Quote:
When a file is uploaded, I need to reconstruct from this log what the
directory path is. Does anyone know if there is a PHP script that
someone has already written that does this?
| | > Quote: |
Google might, but it's not too hard to do it yourself:
| >>>
I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:
>
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/intake""
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD redeye"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/redeye""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
>
And give me the correct answer, which is:
>
/intake/labels/redeye/634457502123
>
Bonus points for keeping track of the PID and the user, since many users
actions might be intermixed in the logs.
>
I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
>
-- lawrence krubner
| Are you looking to reconstruct the mkdir commands or the CD commands? |
September 6th, 2008, 01:45 AM
| | | | re: are there any PHP scripts for parsing FTP logs
On Sep 5, 8:19 pm, Lawrence Krubner <lawre...@krubner.comwrote: Quote:
Curtis wrote: Quote:
lawrence k wrote: Quote:
I have to parse some FTP logs, which are full of several thousand
lines like this:
| | >> Quote: Quote:
When a file is uploaded, I need to reconstruct from this log what the
directory path is. Does anyone know if there is a PHP script that
someone has already written that does this?
| | > Quote: |
Google might, but it's not too hard to do it yourself:
| >>>
I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:
>
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/intake""
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD redeye"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/redeye""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
>
And give me the correct answer, which is:
>
/intake/labels/redeye/634457502123
>
Bonus points for keeping track of the PID and the user, since many users
actions might be intermixed in the logs.
>
I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
>
-- lawrence krubner
| ok I'm assuming you just want to capture the CD commands. If so this
code should get you started.
<?php
$str = "Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command:
Client \"74.231.146.2\", \"TYPE A\"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
\"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"PWD\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD intake\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/intake\"\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD labels\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/labels\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD redeye\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/redeye\"\"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
\"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"PWD\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD 634457502123\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/634457502123\"\"";
//Use file("/path/to/file") to read the raw file into an array
$arrLines = explode("\n", $str);
$arrResults = array();
foreach ( $arrLines as $row )
{
preg_match_all ('/\[pid\s([0-9]+)\].*command\:.*CD\s(.*)"/si',
$row, $matches, PREG_SET_ORDER);
if ( is_array($matches[0]) )
{
$pid = $matches[0][1];
$dir = $matches[0][2];
$arrResults[$pid] .= "/" . $dir;
}
}
// To find out where pid 12952 went
print $arrResults[12952];
?>
What if they go back a directory and the into another. Do you need to
capture that as well? |
September 7th, 2008, 04:55 PM
| | | | re: are there any PHP scripts for parsing FTP logs
On Sep 6, 3:37*am, Nick S <nrsut...@gmail.comwrote: Quote:
On Sep 5, 8:19 pm, Lawrence Krubner <lawre...@krubner.comwrote:
>
>
> Quote:
Curtis wrote: Quote:
lawrence k wrote:
>I have to parse some FTP logs, which are full of several thousand
>lines like this:
| | >> Quote: Quote:
>When a file is uploaded, I need to reconstruct from this log what the
>directory path is. Does anyone know if there is a PHP script that
>someone has already written that does this?
| | > Quote: Quote: |
Google might, but it's not too hard to do it yourself:
| | >>> Quote:
I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:
| > Quote:
Thu Sep *4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep *4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/intake""
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD labels"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/labels"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD redeye"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/redeye""
Thu Sep *4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
| > Quote: |
And give me the correct answer, which is:
| > Quote: |
/intake/labels/redeye/634457502123
| > Quote:
Bonus points for keeping track of the PID and the user, since many users
* actions might be intermixed in the logs.
| > Quote:
I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
| >>
ok I'm assuming you just want to capture the CD commands. *If so this
code should get you started.
>
<?php
* * $str = "Thu Sep *4 11:39:04 2008 [pid 12977] [redeye] FTP command:
Client \"74.231.146.2\", \"TYPE A\"
Thu Sep *4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
\"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"PWD\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD intake\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/intake\"\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD labels\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/labels\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD redeye\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/redeye\"\"
Thu Sep *4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
\"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"PWD\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD 634457502123\"
Thu Sep *4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/634457502123\"\"";
>
* * //Use file("/path/to/file") to read the raw file into an array
* * $arrLines = explode("\n", $str);
>
* * $arrResults = array();
* * foreach ( $arrLines as $row )
* * {
* * * * preg_match_all ('/\[pid\s([0-9]+)\].*command\:.*CD\s(.*)"/si',
$row, $matches, PREG_SET_ORDER);
>
* * * * if ( is_array($matches[0]) )
* * * * {
* * * * * * $pid = $matches[0][1];
* * * * * * $dir = $matches[0][2];
* * * * * * $arrResults[$pid] .= "/" . $dir;
* * * * }
* * }
>
* * // To find out where pid 12952 went
* * print $arrResults[12952];
>
?>
>
What if they go back a directory and the into another. *Do you need to
capture that as well?
| After $arrLines = explode("\n", $str); explode it again with
whitespaces then store it in a db-table, it would be useful when its
necessary for later complex queries.. |
September 7th, 2008, 04:55 PM
| | | | re: are there any PHP scripts for parsing FTP logs
On Sep 7, 5:47 pm, Betikci Boris <pard...@gmail.comwrote: Quote:
On Sep 6, 3:37 am, Nick S <nrsut...@gmail.comwrote:
>
>
> Quote: |
On Sep 5, 8:19 pm, Lawrence Krubner <lawre...@krubner.comwrote:
| > Quote: Quote:
Curtis wrote:
lawrence k wrote:
I have to parse some FTP logs, which are full of several thousand
lines like this:
| | >> Quote: Quote:
When a file is uploaded, I need to reconstruct from this log what the
directory path is. Does anyone know if there is a PHP script that
someone has already written that does this?
| | > Quote: Quote: |
Google might, but it's not too hard to do it yourself:
| | >>> Quote: Quote:
I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:
| | > Quote: Quote:
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client
"74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/intake""
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "CD redeye"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/redeye""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
"74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
"74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
"74.231.146.2", "257 "/634457502123""
| | > Quote: Quote: |
And give me the correct answer, which is:
| | > Quote: Quote: |
/intake/labels/redeye/634457502123
| | > Quote: Quote:
Bonus points for keeping track of the PID and the user, since many users
actions might be intermixed in the logs.
| | > Quote: Quote:
I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
| | >> Quote:
ok I'm assuming you just want to capture the CD commands. If so this
code should get you started.
| > Quote:
<?php
$str = "Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command:
Client \"74.231.146.2\", \"TYPE A\"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
\"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"PWD\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD intake\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/intake\"\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD labels\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/labels\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD redeye\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/redeye\"\"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client
\"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"PWD\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client
\"74.231.146.2\", \"CD 634457502123\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client
\"74.231.146.2\", \"257 \"/634457502123\"\"";
| > Quote:
//Use file("/path/to/file") to read the raw file into an array
$arrLines = explode("\n", $str);
| > Quote:
$arrResults = array();
foreach ( $arrLines as $row )
{
preg_match_all ('/\[pid\s([0-9]+)\].*command\:.*CD\s(.*)"/si',
$row, $matches, PREG_SET_ORDER);
| > Quote:
if ( is_array($matches[0]) )
{
$pid = $matches[0][1];
$dir = $matches[0][2];
$arrResults[$pid] .= "/" . $dir;
}
}
| > Quote:
// To find out where pid 12952 went
print $arrResults[12952];
| >> Quote:
What if they go back a directory and the into another. Do you need to
capture that as well?
| >
After $arrLines = explode("\n", $str); explode it again with
whitespaces then store it in a db-table, it would be useful when its
necessary for later complex queries..
| I tried that first but the pid has a space in it, that's why I went to
a regexp :) |  |
| | |  /bytes/about
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over 225,662 network members.
|
