TalkPHP - Samba log parser

TalkPHP (http://www.talkphp.com/forums.php)

- Advanced PHP Programming (http://www.talkphp.com/advanced-php-programming/)

- - Samba log parser (http://www.talkphp.com/advanced-php-programming/2979-samba-log-parser.html)

Samba log parser

Hey guys

Im looking to write a script to parse my samba logs and insert the data into a database. Problem is the text file samba writes, records arent placed on one line so it could go from 2 to 3 to even 5 lines per record. Each record is different so a similar exploding point isnt possible. Please give me some ideas of how one would seperate this data.

Example Records:

[2008/04/10 08:09:44, 0] lib/util_sock.c:get_peer_addr(1229)
getpeername failed. Error was Transport endpoint is not connected
[2008/04/30 11:51:36, 0] smbd/server.c:main(847)
smbd version 3.0.23d-6-1083-SUSE-SL10.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2006

Any input is appreciated :)

The only problem I see with my code is if a square bracket appears in the error description somewhere. If not then it will work fine. If, however, it does appear in the description, I'm not sure a way around it. You could possibly narrow it down by checking if the square bracket is at the beginning of a new line.

PHP Code:


		
			
$szSamba = <<<TP

[2008/04/10 08:09:44, 0] lib/util_sock.c:get_peer_addr(1229)
getpeername failed. Error was Transport endpoint is not connected
[2008/04/30 11:51:36, 0] smbd/server.c:main(847)
smbd version 3.0.23d-6-1083-SUSE-SL10.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2008/04/10 08:09:44, 0] lib/util_sock.c:get_peer_addr(1229)
getpeername failed. Error was Transport endpoint is not connected
[2008/04/30 11:51:36, 0] smbd/server.c:main(847)
smbd version 3.0.23d-6-1083-SUSE-SL10.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2006

TP;

preg_match_all('~\[(.+?)\]([^\[]+)~ix', $szSamba, $aMatches);
print_r($aMatches);

Going from multiple lines of a record to 1 line makes my life so much easier thanks Wildhoney :)