Regexp::Log(3pm) | User Contributed Perl Documentation | Regexp::Log(3pm) |
Regexp::Log - A base class for log files regexp builders
my $foo = Regexp::Log::Foo->new( format => 'custom %a %b %c/%d', capture => [qw( host code )], ); # the format() and capture() methods can be used to set or get $foo->format('custom %g %e %a %w/%s %c'); $foo->capture(qw( host code )); # this is necessary to know in which order # we will receive the captured fields from the regexp my @fields = $foo->capture; # the all-powerful capturing regexp :-) my $re = $foo->regexp; while (<>) { my %data; @data{@fields} = /$re/; # no need for /o, it's a compiled regexp # now munge the fields ... }
Regexp::Log is a base class for a variety of modules that generate regular expressions for performing the usual data munging tasks on log files that cannot be simply split().
The goal of this module family is to compute regular expressions based on the configuration string of the log.
Please note that there is nothing useful you can do with Regexp::Log! Use one of its derived classes!
The following methods are available, and form the general API for the derived classes.
Please note that all the accessors return the new value, if used to set.
The default arguments are:
format - the format of the log line capture - the name of the fields to capture with the regexp (given as an array ref) comments - leave the (?#=name) ... (?#!name) comments in the regexp anchor_line - include begin (^) and end ($) anchor in the regexp modifiers - include the modifiers into regexp
Other arguments (and the corresponding accessors) can be defined in derived classes.
The method returns the list of actually captured fields, in the same order as the regular expression captures.
The special tags ":none" and ":all" can be used to capture none or all of the fields. ":none" can also be used to reset a capture list, as shown in the following example:
my $log = Regexp::Log::Foo->new( format => $format ); # create a regexp that will capture gmttime and host $log->capture(qw( gmttime host )); my $re1 = $log->regexp; # captures gmttime and host # add username to the list of captured fields $log->capture(qw( username )); my $re2 = $log->regexp; # captures gmttime, host and username # start afresh and capture username and uri $log->capture(qw( :none username uri )); my $re3 = $log->regexp; # captures username and uri
When used to set, this method returns the new list of captured fields, in capture order.
For complex subclasses making a lot of modifications in _preprocess() and _postprocess(), the result may not be accurate.
The result of fields() is therefore given for information only.
Comments are removed by default.
If "debug" is set, each time a field (or subfield) is matched, its name (followed by a space) is printed on STDERR. A newline is printed at the beginning of the search. This lets you see where the regexp backtracks, and watch all its attempts to match something. Useful but usually very verbose.
This is mainly useful when writing a new Regexp::Log subclass.
This section explains how to create new subclasses of Regexp::Log.
To implement a Regexp::Log::Foo class, you need to create a package that defines the appropriate class variables, as in the following example (this is the complete code for Regexp::Log::Foo!):
package Regexp::Log::Foo; use base qw( Regexp::Log ); use vars qw( $VERSION %DEFAULT %FORMAT %REGEXP ); $VERSION = 0.01; # default values %DEFAULT = ( format => '%d %c %b', capture => [ 'c' ], ); # predefined format strings %FORMAT = ( ':default' => '%a %b %c', ); # the regexps that match the various fields # this is the difficult part %REGEXP = ( '%a' => '(?#=a)\d+(?#!a)', '%b' => '(?#=b)th(?:is|at)(?#!b)', '%c' => '(?#=c)(?#=cs)\w+(?#!cs)/(?#=cn)\d+(?#!cn)(?#!c)', '%d' => '(?#=d)(?:foo|bar|baz)(?#!d)', ); # Note that the three hashes (%DEFAULT, %FORMAT and %REGEXP) # MUST be defined, even if they are empty. # the _regexp field is an internal field used as a template # by the regexp() # the _preprocess method is used to modify the format string # before the fields are expanded to their regexp value sub _preprocess { my $self = shift; # multiple consecutive spaces in the format are compressed # to a single space $self->{_regexp} =~ s/ +/ /g; } # the _postprocess method is used to modify the format string # after the fields are expanded to their regexp value 1;
Please note that the _preprocess() and _postprocess() method should only modify the "_regexp" attribute.
The comments are removed after _postprocess() is run, if "comments" is set to a false value.
You may have noticed the presence of "(?#...)" regexp comments in the previous example. These are used by Regexp::Log to identify the different parts of the log line and compute a regular expression that can capture them.
These comments work just like HTML tags: "(?#=bar)" marks the beginning of a field named bar, and "(?#!bar)" marks the end of the field.
You'll also notice that %c is split in two subfields: "cs" and "cn", which have their own tags.
Consider the following example script:
my $log = Regexp::Log::Foo->new( format => ':default', capture => [ qw( c cn ) ], ); my $re = $log->regexp; my @fields = $log->capture(); while(<>) { my @data; @data{@fields} = (/$re/g); # some more code }
The %data hash will have two keys: "c" and "cn", even though "c" already holds the information in "cn". This gives log mungers a lot of flexibility in what they can get from their log lines, with no added work. Lazyness is a virtue.
Important notes:
If a subclass that is available from CPAN is buggy or incomplete, or does not exactly fit your log files, it's very easy to add to a Regexp::Log subclass from within your scripts.
Imagine that the %d element of our Regexp::Log::Foo module is incomplete, because it does not match the string "fu" that appears occasionaly (maybe the Regexp::Log::Foo developper didn't know?). Or that you patched the Foo software so that your own version creates non-standard log files.
After emailing the patch to the author, you can temporarily fix your script by adding the following line:
$Regexp::Log::Foo::REGEXP{'%d'} = '(?#=d)(?:fu|foo|bar|baz)(?#!d)'
That is to say, by replacing the %d entry in the subclass' %REGEXP hash.
Probably. Most of them should be in the derived classes, though.
The t/20debug.t test file fails with Perl 5.6.0 and 5.6.1. I have no idea why, but it may be linked to the use of the "(?{ ... })" regexp construct in the debugging code.
Philippe 'BooK' Bruhat <book@cpan.org>.
This module is free software; you can redistribute it or modify it under the same terms as Perl itself.
2022-06-17 | perl v5.34.0 |