Regular Expressions 101

Community Patterns

xferlog parser (proftpd, ftpd, vsftpd, etc..)

3

Regular Expression
PCRE (PHP <7.3)

/
(?<time>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) (?<xferTime>\d*) (?<remoteHost>\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b) (?<fileSize>\d*) (?<fileName>\S*) (?<transferType>[a|b]) (?<specialActionFlag>\S{1}) (?<direction>\S{1}) (?<accessMode>\S{1}) (?<userName>\S*) (?<serviceName>\S*) (?<authenticationMethod>\S*) (?<authenticatedUserId>\S*) (?<completionStatus>\S*)
/
g

Description

This pulls out all the fields from a standard xferlog format log. Format specified here http://www.castaglia.org/proftpd/doc/xferlog.html

Submitted by Robin Kearney - 10 years ago