#!Perl
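sub handle_syslog
{
    # Split one collector-formatted syslog record into its fields.
    #
    # The patterns below expect, in this order:
    #   "<facility> <severity> <ipv4> <timestamp> <prog>[<pid>]: <evtid>: <user>: <category>: <content>"
    # where pid, evtid, user and category are optional.  The timestamp is
    # handed to parse_time(), which also returns the remainder of the line.
    #
    # Returns the ten fields joined with "\n", in this order: facility name,
    # severity digit, ip, timestamp, prog, pid, evtid, user, category,
    # content.  Absent fields come back empty, except pid, evtid and user,
    # which default to 0 as before.  Dies when the argument is empty.
    #
    # Everything here is attacker-controlled input from the network.  Single
    # quotes are doubled in content and in category, the only two fields that
    # can carry arbitrary characters; that hardens a string-built SQL
    # statement downstream but is no substitute for DBI placeholders there.
    my ($arg) = @_;
    die "the argument of syslog is empty" if (!defined $arg || $arg eq "");

    my @facilitys = ("kernel messages",
                     "user-level messages",
                     "mail system",
                     "system daemons",
                     "security/authorization messages (note 1)",
                     "messages generated internally by syslogd",
                     "line printer subsystem",
                     "network news subsystem",
                     "UUCP subsystem",
                     "clock daemon (note 2)",
                     "security/authorization messages (note 1)",
                     "FTP daemon",
                     "NTP subsystem",
                     "log audit (note 1)",
                     "log alert (note 1)",
                     "clock daemon (note 2)",
                     "local use 0 (local0)",
                     "local use 1 (local1)",
                     "local use 2 (local2)",
                     "local use 3 (local3)",
                     "local use 4 (local4)",
                     "local use 5 (local5)",
                     "local use 6 (local6)",
                     "local use 7 (local7)");

    my $pid      = 0;
    my $evtid    = 0;
    my $user     = 0;
    my $prog     = "";
    my $category = "";

    # Facility: leading one or two digits, looked up only when in range.
    # (Indexing with $& indexed with a stale value when the digits were
    # missing and produced undef for values above 23.)
    my $facility_name = "";
    if ($arg =~ /^(\d{1,2})/ && $1 <= $#facilitys) {
        $facility_name = $facilitys[$1];
    }

    # Severity: first single digit standing between two spaces.
    my $severity = "";
    if ($arg =~ / (\d) /) {
        $severity = $1;
    }

    # Source IPv4.  The old class "[\d{1,3}\.]" took "{", "1", ",", "3" and
    # "}" as literal characters; this is the dotted quad it was meant to be.
    # The line is cut after the address and the separator that follows it.
    my $ip = "";
    if ($arg =~ /\b(\d{1,3}(?:\.\d{1,3}){3})\b/) {
        $ip = $1;
        my $next = $+[1] + 1;
        $arg = $next < length($arg) ? substr($arg, $next) : "";
    }

    # Timestamp; parse_time() hands back the normalised stamp and the rest.
    my ($tm, $rest) = parse_time($arg);
    $arg = $rest;

    # Program name: letters, spaces and slashes up to "[pid]" or ": nnn:".
    # Kept only when under 64 characters, otherwise left empty and not cut.
    if ($arg =~ /([A-Z a-z\/]+)[:\[][ \d]+\b[:\]]/ && length($1) < 64) {
        $prog = $1;
        $arg  = substr($arg, $+[1]);
    }

    # Process id: first digit run inside the bracket/colon pair after prog.
    # Capped at six characters; above 65536 it is reset to 0 without cutting.
    if ($prog && $arg =~ /[:\[]([ \d]+)\b[:\]]/) {
        my ($field, $field_at) = ($1, $-[1]);
        if ($field =~ /(\d+)/) {
            my $digits_at = $field_at + $-[1];
            $pid = substr($1, 0, 6);
            if ($pid > 65536) {
                $pid = 0;
            } else {
                $arg = substr($arg, $digits_at + length($pid));
            }
        }
    }

    # Event id: ": nnn:" following the pid, same cap and overflow rule.
    if ($prog && $arg =~ /: (\d+)\b:/) {
        my $digits_at = $-[1];
        $evtid = substr($1, 0, 6);
        if ($evtid > 65536) {
            $evtid = 0;
        } else {
            $arg = substr($arg, $digits_at + length($evtid));
        }
    }

    # User: "user", "domain\user" or "two words\user" between ": " and ":".
    # The leading separator space stays part of the value, as it always has.
    if ($arg =~ /: ([a-z]+|[a-z]+\\[a-z]+|[a-z]+ [a-z]+\\[a-z]+):/i) {
        my $found = " $1";
        if (length($found) < 64) {
            $user = $found;
            $arg  = substr($arg, $+[1]);
        } else {
            $user = "";
        }
    }

    # Category: text between the next ": " and a later ":" that ends a word.
    # Dropped (and not cut) when longer than 64 characters.
    if ($arg =~ /: (.+)\b:/) {
        my ($span_at, $span_len) = ($-[0], $+[0] - $-[0]);
        my ($found) = substr($arg, $span_at + 1, $span_len - 1) =~ /^([^:]+)/;
        if (length($found) > 64) {
            $category = "";
        } else {
            $category = $found;
            my $next = $span_at + 1 + length($found) + 2;   # past the value and its ": "
            $arg = $next < length($arg) ? substr($arg, $next) : "";
        }
    }

    # Everything left is the message body.  The cut-off is the original one:
    # a body longer than 1024 characters is trimmed to 1023.
    my $content = $arg;
    $content = substr($content, 0, 1023) if length($content) > 1024;

    print "$facility_name, $severity, $ip, $tm, $prog, $pid, $evtid, $user, $category, $content\n";

    # Quote-doubling for the consumer that builds SQL from this record.  Only
    # content and category can contain a quote (the other fields are digit,
    # letter, dot or colon runs); category used to be passed through raw.
    $content  =~ s/'/''/g;
    $category =~ s/'/''/g;

    # The old code also undef'd $dbh and $sth here.  They are not declared in
    # this function, so that presumably clobbered a caller's database handle;
    # a parser has no business doing that and it is left out.
    return join("\n", $facility_name, $severity, $ip, $tm, $prog, $pid,
                $evtid, $user, $category, $content);
}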
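sub parse_time
{
    # Find the timestamp near the start of a syslog line and normalise it.
    #
    # Forms accepted, tried in this order:
    #   "Mon  d HH:MM:SS"         year taken from the local clock
    #   "Mon  d YYYY HH:MM:SS"
    #   "YYYY-MM-DD HH:MM:SS"
    # (The time class used to be "[\d{2}:]", which treated "{" and "}" as
    # literal characters; it is now "[\d:]".)  Month and day are zero-padded
    # on output; a two-digit year in the input is passed through as found.
    # An unknown month name leaves the current month in place, as before.
    #
    # Returns a two-element list: the timestamp as "YYYY-MM-DD HH:MM:SS" and
    # the line with the timestamp and one separator character removed.  With
    # no recognised timestamp the current local time is returned and the line
    # comes back unchanged.
    my ($arg) = @_;
    my @month_names = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
    my %month_of = map { $month_names[$_] => $_ + 1 } 0 .. $#month_names;

    my ($sec, $min, $hour, $day, $mon, $year) = localtime();
    $year += 1900;
    $mon  += 1;
    my $tm = sprintf("%02d:%02d:%02d", $hour, $min, $sec);
    my $stamp_end;                    # offset just past the matched timestamp

    if ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) ([\d:]+\b\d{2})/) {
        ($day, $tm, $stamp_end) = ($2, $3, $+[0]);
        $mon = $month_of{$1} || $mon;
    }
    elsif ($arg =~ /\b([A-Z][a-z]{2}) +(\d{1,2}) +(\d{2,4}) ([\d:]+\b\d{2})/) {
        ($day, $year, $tm, $stamp_end) = ($2, $3, $4, $+[0]);
        $mon = $month_of{$1} || $mon;
    }
    elsif ($arg =~ /\b(\d{2,4})-(\d{1,2})-(\d{1,2}) +([\d:]+\b\d{2})/) {
        ($year, $mon, $day, $tm, $stamp_end) = ($1, $2, $3, $4, $+[0]);
    }

    if (defined $stamp_end) {
        # Skip the timestamp and the single separator that follows it; the
        # old substr() call ran past the end when nothing followed.
        my $next = $stamp_end + 1;
        $arg = $next < length($arg) ? substr($arg, $next) : "";
    }
    return (sprintf("%s-%02d-%02d %s", $year, $mon, $day, $tm), $arg);
}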