John Davidson

Regex Fortinet Log PHP

I'm trying to parse a Fortinet log in PHP. I took a log example from the Fortinet cookbook.


This is my code with the regex. I want to create an array that has the field name as the index and then its value. For example: [date]=>2019-05-10 [time]=>11:50:48 ... [srcip]=>172.16.200.254


$regex = '/[a-zA-Z]+=[0-9]{4}-[0-9]{2}-[0-9]{2} [a-zA-Z]+=[0-9]{2}:[0-9]{2}:[0-9]{2}(\\.[0-9]{1,3})? [a-zA-Z]+="[^"]*" [a-zA-Z]+="[a-zA-Z]+" [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+=[0-9]+ [a-zA-Z]+=\\b(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))\\b [a-zA-Z]+=[0-9]+ [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+=\\b(?:(?:2(?:[0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9])\\.){3}(?:(?:2([0-4][0-9]|5[0-5])|[0-1]?[0-9]?[0-9]))\\b [a-zA-Z]+=[0-9]+ [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+=[0-9]+ [a-zA-Z]+=[0-9]+ [a-zA-Z]+="[^"]*" [a-zA-Z]+=[0-9]+ [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+="[^"]*" [a-zA-Z]+=[0-9]+ [a-zA-Z]+=[0-9]+ [a-zA-Z]+=[0-9]+ [a-zA-Z]+=[0-9]+ [a-zA-Z]+=[0-9]+ [a-zA-Z]+="[^"]*"/i';

$str = 'date=2019-05-10 time=11:50:48 logid="0001000014" type="traffic" subtype="local" level="notice" vd="vdom1" eventtime=1557514248379911176 srcip=172.16.200.254 srcport=62024 srcintf="port11" srcintfrole="undefined" dstip=172.16.200.2 dstport=443 dstintf="vdom1" dstintfrole="undefined" sessionid=107478 proto=6 action="server-rst" policyid=0 policytype="local-in-policy" service="HTTPS" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" app="Web Management(HTTPS)" duration=5 sentbyte=1247 rcvdbyte=1719 sentpkt=5 rcvdpkt=6 appcat="unscanned"';

preg_match_all($regex, $str, $matches, PREG_SET_ORDER, 0);

var_dump($matches);
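One way to get the [field]=>value array the question asks for, added here as an example (it is not the poster's code or anything from Fortinet): match each key=value pair with named capture groups instead of one positional regex for the whole line, and validate address fields with filter_var instead of a hand-written IP pattern. The handling of escaped quotes (\") inside values and the second, constructed log line are assumptions.

```php
<?php
// Added example, not the poster's code: parse a FortiGate key=value log line into
// an associative array keyed by field name, then validate the address fields.
// Assumption: a double quote inside a value is escaped as \" (FortiOS style).

function parseFortinetLog(string $line): array
{
    // key    : letters, digits, underscore (Fortinet field names)
    // quoted : "..." where an escaped \" does not terminate the value
    // bare   : unquoted run up to the next whitespace
    $pattern = '/(?<key>[A-Za-z0-9_]+)=(?:"(?<quoted>(?:[^"\\\\]|\\\\.)*)"|(?<bare>[^\s"]+))/';
    preg_match_all($pattern, $line, $matches, PREG_SET_ORDER | PREG_UNMATCHED_AS_NULL);

    $fields = [];
    foreach ($matches as $m) {
        // Empty quoted values (user="") are legitimate, so test the bare group
        // for null instead of testing the quoted group for emptiness.
        $value = ($m['bare'] ?? null) !== null
            ? $m['bare']
            : str_replace('\\"', '"', $m['quoted']);
        $fields[strtolower($m['key'])] = $value;
    }
    return $fields;
}

/** Return the address fields that fail IP validation (empty array = all valid). */
function invalidAddressFields(array $fields): array
{
    $bad = [];
    foreach (['srcip', 'dstip'] as $name) {
        if (isset($fields[$name]) && filter_var($fields[$name], FILTER_VALIDATE_IP) === false) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// The cookbook line from the question, plus a constructed line with an escaped quote,
// an empty quoted value and a malformed source address.
$lines = [
    'date=2019-05-10 time=11:50:48 logid="0001000014" type="traffic" subtype="local" level="notice" vd="vdom1" eventtime=1557514248379911176 srcip=172.16.200.254 srcport=62024 srcintf="port11" srcintfrole="undefined" dstip=172.16.200.2 dstport=443 dstintf="vdom1" dstintfrole="undefined" sessionid=107478 proto=6 action="server-rst" policyid=0 policytype="local-in-policy" service="HTTPS" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" app="Web Management(HTTPS)" duration=5 sentbyte=1247 rcvdbyte=1719 sentpkt=5 rcvdpkt=6 appcat="unscanned"',
    'date=2019-05-10 time=11:51:02 logid="0001000014" type="traffic" srcip=300.1.1.1 user="" msg="say \"hi\" now" rcvdbyte=0',
];

foreach ($lines as $line) {
    $fields = parseFortinetLog($line);
    printf("%d fields, srcip=%s, app/msg=%s, invalid=%s\n",
        count($fields), $fields['srcip'] ?? '-', $fields['app'] ?? $fields['msg'] ?? '-',
        implode(',', invalidAddressFields($fields)) ?: 'none');
}
```

The first line yields 32 fields with app="Web Management(HTTPS)" kept intact despite the spaces; the second reports srcip as invalid, which is the kind of check worth running before the parsed values are trusted by anything downstream.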


My Answer:
"2021-10-25", [time]="15:30:00", [log_id]="0000000001", [log_type]="utm", [subtype]="app-ctrl", [event_type]="app-ctrl-all", [level]="notice", [vd]="root", [event_time]="2021-10-25 15:30:00", [policy_id]="0", [user]="N/A", [src_ip]="192.168.1.1", [dst_ip]="8.8.8.8", [src_port]="12345", [dst_port]="80", [proto]="6", [service]="80", [direction]="outgoing", [action]="pass", [policy_id]="0", [policy_name]="N/A", [profile]="N/A", [ref]="N/A", [sent]="0", [rcvd]="0", [sent_pkt]="0", [rcvd_pkt]="0"

© 2024 Hayatsk.info - Personal Blogs Platform. All Rights Reserved.