
are there any PHP scripts for parsing FTP logs

I have to parse some FTP logs, which are full of several thousand
lines like this:

Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client "74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client "74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client "74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client "74.231.146.2", "257 "/634457502123""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client "74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client "74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client "74.231.146.2", "257 "/634457502123""

When a file is uploaded, I need to reconstruct from this log what the
directory path is. Does anyone know if there is a PHP script that
someone has already written that does this?

Sep 5 '08 #1


lawrence k wrote:
> I have to parse some FTP logs, which are full of several thousand
> lines like this:
>
> <log snipped>
>
> When a file is uploaded, I need to reconstruct from this log what the
> directory path is. Does anyone know if there is a PHP script that
> someone has already written that does this?

Google might, but it's not too hard to do it yourself:

PHP standard string functions:
http://php.net/manual/en/ref.strings.php

PCRE (don't use POSIX regex, it's slower and deprecated):
http://php.net/manual/en/regexp.reference.php

--
Curtis
Sep 5 '08 #2

Curtis wrote:
> lawrence k wrote:
>> I have to parse some FTP logs, which are full of several thousand
>> lines like this:
>>
>> <log snipped>
>>
>> When a file is uploaded, I need to reconstruct from this log what the
>> directory path is. Does anyone know if there is a PHP script that
>> someone has already written that does this?
>
> Google might, but it's not too hard to do it yourself:
>
> PHP standard string functions:
> http://php.net/manual/en/ref.strings.php
>
> PCRE (don't use POSIX regex, it's slower and deprecated):
> http://php.net/manual/en/regexp.reference.php

I think you misunderstood me. I probably did not explain myself well.
What I want is a script that can take a few thousand lines that look
like this:

Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client "74.231.146.2", "TYPE A"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client "74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client "74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client "74.231.146.2", "257 "/intake""
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client "74.231.146.2", "CD labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client "74.231.146.2", "257 "/labels"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client "74.231.146.2", "CD redeye"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client "74.231.146.2", "257 "/redeye""
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client "74.231.146.2", "200 Switching to ASCII mode."
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client "74.231.146.2", "PWD"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client "74.231.146.2", "257 "/634457502123""

And give me the correct answer, which is:

/intake/labels/redeye/634457502123

Bonus points for keeping track of the PID and the user, since many users'
actions might be intermixed in the logs.

I realize I can do this with PHP string functions, but I'm wondering if
someone has already done it. Seems like it would be a lot of work to do
the script that I'm envisioning.
-- lawrence krubner

Sep 5 '08 #3

Lawrence Krubner wrote:
> Curtis wrote:
>> lawrence k wrote:
>>> I have to parse some FTP logs, which are full of several thousand
>>> lines like this:
>>>
>>> <log snipped>
>>>
>>> When a file is uploaded, I need to reconstruct from this log what the
>>> directory path is. Does anyone know if there is a PHP script that
>>> someone has already written that does this?
>>
>> Google might, but it's not too hard to do it yourself:
>>
>> PHP standard string functions:
>> http://php.net/manual/en/ref.strings.php
>>
>> PCRE (don't use POSIX regex, it's slower and deprecated):
>> http://php.net/manual/en/regexp.reference.php
>
> I think you misunderstood me. I probably did not explain myself well.
> What I want is a script that can take a few thousand lines that look
> like this:

Whoops, yes, I misread your post.
--
Curtis
Sep 5 '08 #4

Lawrence Krubner wrote:
> I realize I can do this with PHP string functions, but I'm wondering if
> someone has already done it. Seems like it would be a lot of work to do
> the script that I'm envisioning.
> -- lawrence krubner

I don't know of any pre-written scripts like this, but I wouldn't think
it should be that hard.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 5 '08 #5

On Sep 5, 8:19 pm, Lawrence Krubner <lawre...@krubner.com> wrote:
> I realize I can do this with PHP string functions, but I'm wondering if
> someone has already done it. Seems like it would be a lot of work to do
> the script that I'm envisioning.
>
> -- lawrence krubner

Are you looking to reconstruct the mkdir commands or the CD commands?
Sep 6 '08 #6

On Sep 5, 8:19 pm, Lawrence Krubner <lawre...@krubner.com> wrote:
> I realize I can do this with PHP string functions, but I'm wondering if
> someone has already done it. Seems like it would be a lot of work to do
> the script that I'm envisioning.
>
> -- lawrence krubner

ok I'm assuming you just want to capture the CD commands. If so this
code should get you started.

<?php
// Sample log. Each entry must sit on a single line, because the loop below
// matches one row at a time.
$str = "Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP command: Client \"74.231.146.2\", \"TYPE A\"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client \"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client \"74.231.146.2\", \"PWD\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client \"74.231.146.2\", \"CD intake\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client \"74.231.146.2\", \"257 \"/intake\"\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client \"74.231.146.2\", \"CD labels\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client \"74.231.146.2\", \"257 \"/labels\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client \"74.231.146.2\", \"CD redeye\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client \"74.231.146.2\", \"257 \"/redeye\"\"
Thu Sep 4 11:39:04 2008 [pid 12977] [redeye] FTP response: Client \"74.231.146.2\", \"200 Switching to ASCII mode.\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client \"74.231.146.2\", \"PWD\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client \"74.231.146.2\", \"CD 634457502123\"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client \"74.231.146.2\", \"257 \"/634457502123\"\"";

//Use file("/path/to/file") to read the raw file into an array
$arrLines = explode("\n", $str);

$arrResults = array();
foreach ( $arrLines as $row )
{
    // Capture the pid and the directory argument of each CD command.
    // preg_match returns 1 only when the row matched, so $matches is safe to read.
    if ( preg_match('/\[pid\s([0-9]+)\].*command\:.*CD\s(.*)"/si', $row, $matches) )
    {
        $pid = $matches[1];
        $dir = $matches[2];
        // Initialise the entry so the first append does not hit an undefined key
        if ( !isset($arrResults[$pid]) )
        {
            $arrResults[$pid] = "";
        }
        $arrResults[$pid] .= "/" . $dir;
    }
}

// To find out where pid 12952 went
print $arrResults[12952];

?>

What if they go back a directory and then into another. Do you need to
capture that as well?
Sep 6 '08 #7
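
An added example, not code from the thread: it extends the CD-only approach above to keep a working directory per pid and user, apply a directory change only once the server confirms it, resolve `..` and absolute paths, and attribute each completed upload to a full path. The function names, the user `bluefin`, the client address and the `CWD`/`STOR` lines with their 150/226/250/550 replies are constructed for illustration; the log layout is the one quoted in the question.

```php
<?php
// Added example, not code from the thread. Assumes one log entry per line,
// that every session starts in "/", and standard FTP reply codes (RFC 959).

// Resolve $arg against $cwd, collapsing "." and ".." without rising above "/".
function resolvePath(string $cwd, string $arg): string
{
    $path = ($arg !== '' && $arg[0] === '/') ? $arg : $cwd . '/' . $arg;
    $stack = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '..') {
            array_pop($stack);
        } elseif ($seg !== '' && $seg !== '.') {
            $stack[] = $seg;
        }
    }
    return '/' . implode('/', $stack);
}

// One record per completed upload, attributed to its pid and user.
function reconstructUploads(array $lines): array
{
    $re = '/^(.+?) \[pid (\d+)\] \[([^\]]*)\] FTP (command|response): '
        . 'Client "([^"]*)", "(.*)"\s*$/';
    $cwd = $pending = $uploads = [];
    foreach ($lines as $line) {
        if (!preg_match($re, $line, $m)) {
            continue;                          // not a protocol line
        }
        [, $time, $pid, $user, $kind, $client, $text] = $m;
        $key = "$pid/$user";                   // sessions interleave in the log
        $cwd[$key] = $cwd[$key] ?? '/';
        if ($kind === 'command') {
            $parts = explode(' ', $text, 2);
            $pending[$key] = [strtoupper($parts[0]), $parts[1] ?? ''];
            continue;
        }
        $code = (int) substr($text, 0, 3);
        if (!isset($pending[$key]) || $code < 200) {
            continue;                          // 1xx: wait for the final reply
        }
        [$verb, $arg] = $pending[$key];
        unset($pending[$key]);
        if ($code >= 300) {
            continue;                          // rejected: state must not change
        }
        if ($verb === 'CWD' || $verb === 'CD' || $verb === 'CDUP') {
            $cwd[$key] = resolvePath($cwd[$key], $verb === 'CDUP' ? '..' : $arg);
        } elseif ($verb === 'STOR') {
            $uploads[] = ['time' => $time, 'pid' => (int) $pid, 'user' => $user,
                'client' => $client, 'path' => resolvePath($cwd[$key], $arg)];
        }
    }
    return $uploads;
}

// Constructed sample log; user "bluefin" and address 192.0.2.10 are made up.
$log = <<<'LOG'
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP command: Client "192.0.2.10", "CWD intake/labels/redeye"
Thu Sep 4 11:39:07 2008 [pid 13001] [bluefin] FTP command: Client "192.0.2.10", "CWD /outgoing"
Thu Sep 4 11:39:07 2008 [pid 12952] [redeye] FTP response: Client "192.0.2.10", "250 Directory successfully changed."
Thu Sep 4 11:39:07 2008 [pid 13001] [bluefin] FTP response: Client "192.0.2.10", "250 Directory successfully changed."
Thu Sep 4 11:39:08 2008 [pid 12952] [redeye] FTP command: Client "192.0.2.10", "CWD ../private"
Thu Sep 4 11:39:08 2008 [pid 12952] [redeye] FTP response: Client "192.0.2.10", "550 Failed to change directory."
Thu Sep 4 11:39:09 2008 [pid 12952] [redeye] FTP command: Client "192.0.2.10", "STOR 634457502123"
Thu Sep 4 11:39:09 2008 [pid 13001] [bluefin] FTP command: Client "192.0.2.10", "STOR report.csv"
Thu Sep 4 11:39:09 2008 [pid 12952] [redeye] FTP response: Client "192.0.2.10", "150 Ok to send data."
Thu Sep 4 11:39:09 2008 [pid 13001] [bluefin] FTP response: Client "192.0.2.10", "150 Ok to send data."
Thu Sep 4 11:39:10 2008 [pid 12952] [redeye] FTP response: Client "192.0.2.10", "226 Transfer complete."
Thu Sep 4 11:39:10 2008 [pid 13001] [bluefin] FTP response: Client "192.0.2.10", "226 Transfer complete."
LOG;
foreach (reconstructUploads(explode("\n", $log)) as $u) {
    printf("%s pid=%d user=%s %s\n", $u['time'], $u['pid'], $u['user'], $u['path']);
}
```

For a real file, pass `file($path, FILE_IGNORE_NEW_LINES)` instead of the embedded sample. A pid can be reused by a later connection, so long logs should also reset a session's state when a new login for that pid appears.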

On Sep 6, 3:37 am, Nick S <nrsut...@gmail.com> wrote:
> What if they go back a directory and then into another. Do you need to
> capture that as well?

After $arrLines = explode("\n", $str); explode it again with
whitespaces then store it in a db-table, it would be useful when it's
necessary for later complex queries..
Sep 7 '08 #8

On Sep 7, 5:47 pm, Betikci Boris <pard...@gmail.com> wrote:
> After $arrLines = explode("\n", $str); explode it again with
> whitespaces then store it in a db-table, it would be useful when it's
> necessary for later complex queries..

I tried that first but the pid has a space in it, that's why I went to
a regexp :)
Sep 7 '08 #9
