regex challenge

[paul]

ok all you terminal addicts :)

here's what I got

IPT - INPUT packet died: IN=eth0 OUT= MAC=00:16:3e:0b:fc:c3:00:05:85:f3:b8:9d:08:00 SRC=60.239.11.173 DST=140.211.166.36 LEN=48 TOS=0x00 PREC=0x20 TTL=114 ID=28281 DF PROTO=TCP SPT=3733 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0

 

that is currently sitting in a mysql table (iptables.syslogs.msg)

select msg from iptables.syslogs limit 1;

gets you that nice chunk of text :)

 

now here's what I want to do with it.

I want to create an array (or list of variables). and each key/value pair should correspond KEY=VALUE in the text

if KEY has no "=" then KEY=KEY

example:

IPT=IPT

INPUT=INPUT

packet=packet

died:=died:

IN=eth0

OUT=

MAC=00:16 (can't be bothered typing the rest)

SRC=60.whatever...

 

get the idea?

 

would prefer to do this in php, but bash/grep/sed will work too I guess

 

chocolate fish to the person who can help me :)

[uralmasha]

Paul, you want to have it as a one-liner? If so, I cant help you. Otherwise, would

splitting on whitespace and/or dash, and checking the values before pushing them into array suffice? You can make it a 5-liner, something like this:

<?php
	$the_string='IPT - INPUT packet died: IN=eth0 OUT= MAC=00:16:3e:0b:fc:c3:00:05:85:f3:b8:9d:08:00 SRC=60.239.11.173 DST=140.211.166.36 LEN=48 TOS=0x00 PREC=0x20 TTL=114 ID=28281 DF PROTO=TCP SPT=3733 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0';

   $the_array=preg_split('/\s|-/',$the_string,-1,PREG_SPLIT_NO_EMPTY);

	$the_hash=array();

	foreach ($the_array as $val) {
			list($newkey,$newval) = explode('=',$val);
			if (isset($newkey)) {
			  $the_hash["$newkey"] = isset($newval)? $newval :$newkey;
			}
	}
	print_r($the_hash);
?>

[paul]

very nice work indeed ... one chocolate fish for you ....

 

I'll run it over a few lines of my logs and see if it fails anywhere.

 

thanks.

[neddie]

Nice one, uralmasha!

[uralmasha]

you're welcome :)