preg_match_all计数IP从Apache日志文件地址

Question

我试图抓住从Apache日志文件中的IP地址和计数唯一的IP

这个Apache日志文件中有22.22.22.22超过10的时间和125.245.25.25不超过10时间

我试图获取IP只有超过10时在Apache日志文件

我的PHP代码

<?php 
    $iplist_file="/home/domain/public_html/iplist.txt"; 

    $iplist_file=file_get_contents($iplist_file); 

    preg_match_all('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/',$iplist_file,$a); 

    $count = count($a[0]); 
    echo "<b>Number of ip</b> = " .$count."<p>"; 
?> 

文本文件

22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
22.22.22.22 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
125.245.25.25 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
125.245.25.25 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
125.245.25.25 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 
125.245.25.25 - - [21/Jan/2016:17:06:31 +0300] "POST 1.php HTTP/1.1" 200 632 "mydomain.com" "Mozilla/5.0 (PlayStation 4 3.15) 

Answer 1

对于来自日志获取所有IP您可以使用此非常类似的正则表达式：

preg_match_all('/^(?P<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/m', $iplist_content, $matches); 

标志m是这里多模式（http://php.net/manual/en/reference.pcre.pattern.modifiers.php），?P<ip>命名捕获组 - 而不是$matches[1]我有$matches['ip']（这是没有必要的）。

正如我所说，在$matches['ip']你有所有的IP创建日志。为了算他们，你可以使用简单的循环，或者更好的你可以使用fnc array_count_values。

当我们把这一切都在一起，我们得到这样的：

<?php 

$iplist_file = "/home/domain/public_html/iplist.txt"; 
$iplist_content = file_get_contents($iplist_file); 

preg_match_all('/^(?P<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/m', $iplist_content, $matches); 

foreach (array_count_values($matches['ip']) as $ip => $count) { 
    print $ip . ': ' . $count . '<br>'; 
}