tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-23 18:07:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added support to filter for dynamic fields within the logstream database sources.

Browse Source 
This was not possible yet. The filtering also has a secure end timer, which avoids
that the timelimit hits the script.
This commit is contained in:
Andre Lorbach 2008-10-27 14:42:21 +01:00
parent 5faad8d2fd
commit c4a8889a09
5 changed files with 371 additions and 331 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
src/classes/logstream.class.php
View File

@ -259,6 +259,219 @@ abstract class LogStream {
return SUCCESS;
}
/**
* Implementation of ApplyFilters which can be used by all LogStream Classes!
* This function performs a check on the filters and actually triggers the
* syslog parsers as well.
*/
public function ApplyFilters($myResults, &$arrProperitesOut)
{
// IF result was unsuccessfull, return success - nothing we can do here.
if ( $myResults >= ERROR )
return SUCCESS;
// Process all filters
if ( $this->_filters != null )
{
// Evaluation default for now is true
$bEval = true;
// Loop through set properties
foreach( $arrProperitesOut as $propertyname => $propertyvalue )
{
// TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW
if (
array_key_exists($propertyname, $this->_filters) &&
isset($propertyvalue) /* &&
!(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/
)
{
// Extra var needed for number checks!
$bIsOrFilter = false; // If enabled we need to check for numbereval later
$bOrFilter = false;
// Found something to filter, so do it!
foreach( $this->_filters[$propertyname] as $myfilter )
{
switch( $myfilter[FILTER_TYPE] )
{
case FILTER_TYPE_STRING:
// Only filter if value is non zero
if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 )
{
// If Syslog message, we have AND handling!
if ( $propertyname == SYSLOG_MESSAGE )
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
$bEval = false;
}
// Exclude Filter
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
// Otherwise we use OR Handling!
else
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
// Set isOrFilter to true in this case
$bIsOrFilter = true;
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bOrFilter = true;
}
else
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bOrFilter = true;
}
}
// Exclude Filter - handeled with AND filtering!
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) )
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bEval = false;
}
else
{
// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
break;
}
}
else
{
// Either filter value or property value was empty!
// This means we have no match
$bEval = false;
}
break;
case FILTER_TYPE_NUMBER:
$bIsOrFilter = true; // Default is set to TRUE
if ( is_numeric($arrProperitesOut[$propertyname]) )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = true;
else
$bOrFilter = false;
}
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = false;
else
$bOrFilter = true;
}
}
else
{
// If wanted, we treat this filter as a success!
if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 )
$bOrFilter = true;
else
$bOrFilter = false;
}
break;
case FILTER_TYPE_DATE:
// Get Log TimeStamp
$nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP];
if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX )
{
// Get current timestamp
$nNowTimeStamp = time();
if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR )
$nLastXTime = 60 * 60; // One Hour!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS )
$nLastXTime = 60 * 60 * 12; // 12 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS )
$nLastXTime = 60 * 60 * 24; // 24 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS )
$nLastXTime = 60 * 60 * 24 * 7; // 7 days
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS )
$nLastXTime = 60 * 60 * 24 * 31; // 31 days
else
// WTF default?
$nLastXTime = 86400;
// If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us.
if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM )
{
// Get filter timestamp!
$nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp < $nFromTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO )
{
// Get filter timestamp!
// echo $myfilter[FILTER_VALUE];
$nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp > $nToTimeStamp )
$bEval = false;
}
break;
default:
// TODO!
break;
}
}
// If was number filter, we apply it the evaluation.
if ( $bIsOrFilter )
$bEval &= $bOrFilter;
if ( !$bEval )
{
// unmatching filter, reset property array
foreach ( $this->_arrProperties as $property )
$arrProperitesOut[$property] = '';
// return error!
return ERROR_FILTER_NOT_MATCH;
}
}
}
// Reached this point means filters did match!
return SUCCESS;
}
else // No filters at all means success!
return SUCCESS;
}
/*
* --- PIRVATE HELPERS!
*/
/**
* Helper function to parse filters into a useful filter array we can work with.
*/
@ -816,6 +1029,7 @@ abstract class LogStream {
return -1;
}
}
}
?>

20
src/classes/logstreamdb.class.php
View File

@ -210,12 +210,15 @@ class LogStreamDB extends LogStream {
public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true)
{
// Helpers needed for DB Mapping
global $content, $gl_starttime;
global $dbmapping, $fields;
$szTableType = $this->_logStreamConfigObj->DBTableType;
// define $ret
$ret = SUCCESS;
do
{
// No buffer? then read from DB!
if ( $this->bufferedRecords == null )
$ret = $this->ReadNextRecordsFromDB($uID);
@ -236,7 +239,6 @@ class LogStreamDB extends LogStream {
$ret = ERROR_NOMORERECORDS;
}
}
if ( $ret == SUCCESS )
{
// Init and set variables
@ -272,6 +274,22 @@ class LogStreamDB extends LogStream {
$this->_currentRecordNum++;
}
// Check how long we are running. If only two seconds of execution time are left, we abort further reading!
$scriptruntime = intval(microtime_float() - $gl_starttime);
if ( $scriptruntime > ($content['MaxExecutionTime']-2) )
{
// This may display a warning message, so the user knows we stopped reading records because of the script timeout.
$content['logstream_warning'] = "false";
$content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT'];
$content['logstream_warning_code'] = ERROR_FILE_NOMORETIME;
// Return error code
return ERROR_FILE_NOMORETIME;
}
// This additional filter check will take care on dynamic fields from the message parser!
} while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS );
// reached here means return result!
return $ret;
}

210
src/classes/logstreamdisk.class.php
View File

@ -699,215 +699,5 @@ class LogStreamDisk extends LogStream {
$this->_p_buffer = -1;
}
/**
* Implementation of ApplyFilters in the LogSTreamDisk Class.
* This function performs a check on the filters and actually triggers the
* syslog parsers as well.
*/
protected function ApplyFilters($myResults, &$arrProperitesOut)
{
// IF result was unsuccessfull, return success - nothing we can do here.
if ( $myResults >= ERROR )
return SUCCESS;
// Process all filters
if ( $this->_filters != null )
{
// Evaluation default for now is true
$bEval = true;
// Loop through set properties
foreach( $arrProperitesOut as $propertyname => $propertyvalue )
{
// TODO: NOT SURE IF THIS WILL WORK ON NUMBERS AND OTHER TYPES RIGHT NOW
if (
array_key_exists($propertyname, $this->_filters) &&
isset($propertyvalue) /* &&
!(is_string($propertyvalue) && strlen($propertyvalue) <= 0) /* Negative because it only matters if the propvalure is a string*/
)
{
// Extra var needed for number checks!
$bIsOrFilter = false; // If enabled we need to check for numbereval later
$bOrFilter = false;
// Found something to filter, so do it!
foreach( $this->_filters[$propertyname] as $myfilter )
{
switch( $myfilter[FILTER_TYPE] )
{
case FILTER_TYPE_STRING:
// Only filter if value is non zero
if ( strlen($propertyvalue) > 0 && strlen($myfilter[FILTER_VALUE]) > 0 )
{
// If Syslog message, we have AND handling!
if ( $propertyname == SYSLOG_MESSAGE )
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
$bEval = false;
}
// Exclude Filter
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
// Otherwise we use OR Handling!
else
{
// Include Filter
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
// Set isOrFilter to true in this case
$bIsOrFilter = true;
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bOrFilter = true;
}
else
{
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bOrFilter = true;
}
}
// Exclude Filter - handeled with AND filtering!
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_SEARCHFULL )
{
// if ( strtolower($propertyvalue) != strtolower($myfilter[FILTER_VALUE]) )
if ( strtolower($propertyvalue) == strtolower($myfilter[FILTER_VALUE]) )
$bEval = false;
}
else
{
// if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) === false )
if ( stripos($propertyvalue, $myfilter[FILTER_VALUE]) !== false )
$bEval = false;
}
}
break;
}
}
else
{
// Either filter value or property value was empty!
// This means we have no match
$bEval = false;
}
break;
case FILTER_TYPE_NUMBER:
$bIsOrFilter = true; // Default is set to TRUE
if ( is_numeric($arrProperitesOut[$propertyname]) )
{
if ( $myfilter[FILTER_MODE] & FILTER_MODE_INCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = true;
else
$bOrFilter = false;
}
else if ( $myfilter[FILTER_MODE] & FILTER_MODE_EXCLUDE )
{
if ( $myfilter[FILTER_VALUE] == $arrProperitesOut[$propertyname] )
$bOrFilter = false;
else
$bOrFilter = true;
}
}
else
{
// If wanted, we treat this filter as a success!
if ( GetConfigSetting("TreatNotFoundFiltersAsTrue", 0, CFGLEVEL_USER) == 1 )
$bOrFilter = true;
else
$bOrFilter = false;
}
break;
case FILTER_TYPE_DATE:
// Get Log TimeStamp
$nLogTimeStamp = $arrProperitesOut[$propertyname][EVTIME_TIMESTAMP];
if ( $myfilter[FILTER_DATEMODE] == DATEMODE_LASTX )
{
// Get current timestamp
$nNowTimeStamp = time();
if ( $myfilter[FILTER_VALUE] == DATE_LASTX_HOUR )
$nLastXTime = 60 * 60; // One Hour!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_12HOURS )
$nLastXTime = 60 * 60 * 12; // 12 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_24HOURS )
$nLastXTime = 60 * 60 * 24; // 24 Hours!
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_7DAYS )
$nLastXTime = 60 * 60 * 24 * 7; // 7 days
else if ( $myfilter[FILTER_VALUE] == DATE_LASTX_31DAYS )
$nLastXTime = 60 * 60 * 24 * 31; // 31 days
else
// WTF default?
$nLastXTime = 86400;
// If Nowtime + LastX is higher then the log timestamp, the this logline is to old for us.
if ( ($nNowTimeStamp - $nLastXTime) > $nLogTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_FROM )
{
// Get filter timestamp!
$nFromTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp < $nFromTimeStamp )
$bEval = false;
}
else if ( $myfilter[FILTER_DATEMODE] == DATEMODE_RANGE_TO )
{
// Get filter timestamp!
// echo $myfilter[FILTER_VALUE];
$nToTimeStamp = GetTimeStampFromTimeString($myfilter[FILTER_VALUE]);
// If logtime is smaller then FromTime, then the Event is outside of our scope!
if ( $nLogTimeStamp > $nToTimeStamp )
$bEval = false;
}
break;
default:
// TODO!
break;
}
}
// If was number filter, we apply it the evaluation.
if ( $bIsOrFilter )
$bEval &= $bOrFilter;
if ( !$bEval )
{
// unmatching filter, reset property array
foreach ( $this->_arrProperties as $property )
$arrProperitesOut[$property] = '';
// return error!
return ERROR_FILTER_NOT_MATCH;
}
}
}
// Reached this point means filters did match!
return SUCCESS;
}
else // No filters at all means success!
return SUCCESS;
}
}
?>

20
src/classes/logstreampdo.class.php
View File

@ -240,12 +240,15 @@ class LogStreamPDO extends LogStream {
public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true)
{
// Helpers needed for DB Mapping
global $content, $gl_starttime;
global $dbmapping, $fields;
$szTableType = $this->_logStreamConfigObj->DBTableType;
// define $ret
$ret = SUCCESS;
do
{
// No buffer? then read from DB!
if ( $this->bufferedRecords == null )
$ret = $this->ReadNextRecordsFromDB($uID);
@ -261,7 +264,6 @@ class LogStreamPDO extends LogStream {
// Now read new ones
$ret = $this->ReadNextRecordsFromDB($uID);
//echo "!" . $ret . " " . $this->_currentRecordStart . "=" . $this->_currentRecordNum;
// Check if we found more records
if ( !isset($this->bufferedRecords[$this->_currentRecordNum] ) )
@ -304,6 +306,22 @@ class LogStreamPDO extends LogStream {
$this->_currentRecordNum++;
}
// Check how long we are running. If only two seconds of execution time are left, we abort further reading!
$scriptruntime = intval(microtime_float() - $gl_starttime);
if ( $scriptruntime > ($content['MaxExecutionTime']-2) )
{
// This may display a warning message, so the user knows we stopped reading records because of the script timeout.
$content['logstream_warning'] = "false";
$content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT'];
$content['logstream_warning_code'] = ERROR_FILE_NOMORETIME;
// Return error code
return ERROR_FILE_NOMORETIME;
}
// This additional filter check will take care on dynamic fields from the message parser!
} while ( $this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS );
// reached here means return result!
return $ret;
}

38
src/classes/msgparsers/msgparser.wireless.class.php
View File

@ -36,6 +36,7 @@ class MsgParser_wireless extends MsgParser {
public $_ClassDescription = 'Custom logfile parser for wireless access points.';
public $_ClassHelpArticle = "";
public $_ClassRequiredFields = array (
"net_host" => array (", ", "FieldID" => "net_host", "FieldDefine" => "SYSLOG_NET_HOST", "FieldCaption" => "Hostname", "FieldType" => 0, "FieldAlign" => "left", "SearchField" => "net_host", "DefaultWidth" => 100, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
"net_bytesrecieved" => array ( "FieldID" => "net_bytesrecieved", "FieldDefine" => "SYSLOG_NET_BYTESRECIEVED", "FieldCaption" => "Bytes recieved", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytesrecieved", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
"net_bytessend" => array (", ", "FieldID" => "net_bytessend", "FieldDefine" => "SYSLOG_NET_BYTESSEND", "FieldCaption" => "Bytes send", "FieldType" => 1, "FieldAlign" => "left", "SearchField" => "net_bytessend", "DefaultWidth" => 80, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0 ),
"net_interface" => array (", ", "FieldID" => "net_interface", "FieldDefine" => "SYSLOG_NET_INTERFACE", "FieldCaption" => "Interface", "FieldType" => 0, "FieldAlign" => "center", "SearchField" => "net_interface", "DefaultWidth" => 75, "SearchOnline" => 0, "Trunscate" => 0, "Sortable" => 0),
@ -76,7 +77,7 @@ class MsgParser_wireless extends MsgParser {
// Sample: Oct 14 21:05:52 script,info INICIO; Madrid-arturosoria ;wlan1 ;00:1F:3A:66:70:09 ;192.168.10.117 ;24Mbps ;36Mbps ;15:50:56 ;00:00:00.080 ;-80dBm@1Mbps ;21 ;78 ;43351,126437 ;2959,377
if ( preg_match('/(.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?);(.|.*?)$/', $szMsg, $out) )
{
$arrArguments[SYSLOG_HOST] = $out[1];
$arrArguments[SYSLOG_NET_HOST] = trim($out[1]);
// Set wlan log specific properties!
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[2]);
@ -86,22 +87,22 @@ class MsgParser_wireless extends MsgParser {
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[6]);
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[7]);
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[8]);
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[9]);
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[9]);
// Number based fields
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[10];
$arrArguments[SYSLOG_NET_TXCCQ] = $out[11];
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[10]);
$arrArguments[SYSLOG_NET_TXCCQ] = trim($out[11]);
// Set msg to whole logline
$arrArguments[SYSLOG_MESSAGE] = $out[0];
$arrArguments[SYSLOG_MESSAGE] = trim($out[0]);
// Get additional parameters!
if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[12], $out2) )
{
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1];
$arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2];
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3];
$arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4];
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]);
$arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]);
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]);
$arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]);
}
else
{
@ -144,8 +145,7 @@ class MsgParser_wireless extends MsgParser {
// Set generic properties
$arrArguments[SYSLOG_DATE] = GetEventTime($out[1] . " " . $out[2]);
$arrArguments[SYSLOG_HOST] = $out[6];
// $arrArguments[SYSLOG_DATE] = GetEventTime($out[4]);
$arrArguments[SYSLOG_NET_HOST] = trim($out[6]);
// Set wlan log specific properties!
$arrArguments[SYSLOG_NET_INTERFACE] = trim($out[7]);
@ -155,22 +155,22 @@ class MsgParser_wireless extends MsgParser {
$arrArguments[SYSLOG_NET_TXRATE] = trim($out[11]);
$arrArguments[SYSLOG_NET_UPTIME] = trim($out[12]);
$arrArguments[SYSLOG_NET_LASTACTIVITY] = trim($out[13]);
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH] = trim($out[14]);
$arrArguments[SYSLOG_NET_SIGNALSTRENGTH]= trim($out[14]);
// Number based fields
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = $out[15];
$arrArguments[SYSLOG_NET_TXCCQ] = $out[16];
$arrArguments[SYSLOG_NET_SIGNALTONOISE] = trim($out[15]);
$arrArguments[SYSLOG_NET_TXCCQ] = trim($out[16]);
// Set msg to whole logline
$arrArguments[SYSLOG_MESSAGE] = $out[0];
$arrArguments[SYSLOG_MESSAGE] = trim($out[0]);
// Get additional parameters!
if ( preg_match('/(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?);(.|.*?[0-9]{1,12}.*?),(.|.*?[0-9]{1,12}.*?)$/', $out[17], $out2) )
{
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = $out2[1];
$arrArguments[SYSLOG_NET_BYTESSEND] = $out2[2];
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = $out2[3];
$arrArguments[SYSLOG_NET_PACKETSSEND] = $out2[4];
$arrArguments[SYSLOG_NET_BYTESRECIEVED] = trim($out2[1]);
$arrArguments[SYSLOG_NET_BYTESSEND] = trim($out2[2]);
$arrArguments[SYSLOG_NET_PACKETSRECIEVED] = trim($out2[3]);
$arrArguments[SYSLOG_NET_PACKETSSEND] = trim($out2[4]);
}
else
{