Below is my Content:
Subject:
Security ID: S-1-5-21-3368353891-1012177287-890106238-22451
Account Name: ChamaraKer
Account Domain: JIC
Logon ID: 0x1fffb
Object:
Object Server: Security
Object Type: File
Object Name: D:\ApacheTomcat\apache-tomcat-6.0.36\logs\localhost.2013-07-01.log
Handle ID: 0x11dc
I need to match the line containing Object Name using a Regular expression.
Following is what i have tried:
^.*\b(Object|Name)\b.*$
The above regex matches Account Name: ChamaraKer, But my requirement is to match the line containing the word Object Name. How can i do this? It would be great if any one could help me with this problem.
Your regex is actually trying to match lines that contains Object OR Name..
Change it it
^.*\bObject Name\b.*$
Response to comment:
^.*\bObject Name:(.*)$
Group 1 will have everything match inside of (.*).
Depending on regex engine, for example it'll be \1 (for Notepad++) or match.Groups[1].Value (C#)
Related
I Want to create a filter that will match the following string with the following interface
Date: dd/mm/yyyy-dd/mm/yyyy
Name: string
ID: string
The string itself:
Date: 11/02/2020,Name:SO,ID:10
The Regex I tried look like this ->
(Date:((((([13578]|0[13578]|1[02])[\/](0[1-9]|[1-9]|1[0-9]|2[0-9]|3[01]))|(([469]|0[469]|11)[\/]([1-9]|1[0-9]|2[0-9]|3[0]))|((2|02)([\/](0[1-9]|1[0-9]|2[0-8]))))[\/](19([6-9][0-9])|20([0-9][0-9])))|((02)[\/](29)[\/](19(6[048]|7[26]|8[048]|9[26])|20(0[048]|1[26]|2[048]))))(-)?((((([13578]|0[13578]|1[02])[\/](0[1-9]|[1-9]|1[0-9]|2[0-9]|3[01]))|(([469]|0[469]|11)[\/]([1-9]|1[0-9]|2[0-9]|3[0]))|((2|02)([\/](0[1-9]|1[0-9]|2[0-8]))))[\/](19([6-9][0-9])|20([0-9][0-9])))|((02)[\/](29)[\/](19(6[048]|7[26]|8[048]|9[26])|20(0[048]|1[26]|2[048]))))?|Name|ID)`
The problem I have with this regex is that it just captures the first filter.
I'm not sure I understood your problem, so I created a regex that matches the string you want, whatever are the dates or the names :
Date: (\d{2}\/\d{2}\/\d{4})-(\d{2}\/\d{2}\/\d{4})\sName:([a-zA-Z]+)
Test it here.
Can you edit your post and give more examples of strings that must match and strings that must not ?
I have Windows logs being aggregated to a syslog server which is messing with the format a little bit and I'm trying to work a regular expression (PCRE) to be reformat it a little so I can extract some key/value pairs
I've had a go at the regular expression myself, but I'm stuck on the fact that each "Message" section has several "Headers" which have defined key/value pairs underneath them.
An example would be:
An attempt was made to access an object. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: NAME$ Account Domain: DOMAIN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: Z:\PATH\PATH\PATH\file.log Handle ID: 0x9b0 Process Information: Process ID: 0xa84 Process Name: C:\Program Files\PROGRAM\EXECUTABLE.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1
The headers would be Subject, Object and Process Information.
Where I seem to be stuck is the only delimiter here is \s regardless of a header or pair.
This has got me close.
\s([^:\s]+)\:[\s]([^\s]*) but only captures the first word in a multi-word header or key.
With /s being the only delimiter, will this be possible?
If you only want those header names you might use an alternation and list the words between word boundaries \b.
Note that you don't have to escape the : and a single \s could also be written without the square brackets.
\b(Process Information|\S+)\b:\s(\S*)
Explanation
\b Word boundary
( Capturing group 1
Process Information|\S+ Match any of the listed
) Close capturing group
\b:\s Match word boundary, : and whitespace char
(\S*) Capturing group 2 matching 0+ times a non whitespace char
See a regex demo
I need a regex expression which would parse my text pattern: CR-000000. There may be a text but somewhere inside would be the pattern, sometimes two - i need to extract only the part matching the pattern
I have created the following pattern but still doesn't work [CR-]{6}[0-9]
[CR-]{6}[0-9]
From the following example: The change Request has been created for the location below. CR-0001083 Click this link to access the Change Request Change Request ID : CR-0001086 Property ID: CK1014 - the output would be CR-0001083 CR-0001086
Thanks, CR-[0-9]{7} resolves the thing!
Assuming I have some strings of the following type:
session opened by (uid=0)
session opened by scotty
Is it possible to write a regex that will either capture the text "root" if (uid=0) is found in the string, otherwise capture the normal user name (i.e. scotty)?
Regex does not allow you to capture anything that is missing from the input string. If you know the structure of the input text, you can have a regex pattern return the required part. Here is an example that works for .NET-based regex flavor:
(?s)(?<=\(uid=0\).*opened by )\w+
Matches Found:
[0][0] = scotty
I need to use a regex ("filter=regexp" in NSClient++) to get a specific line (which is marked with "<--") if there is NO $-sign inside of it.
Below is an example of what the text looks like in which I have to search (It is a description message form an eventlog).
A member was added to a security-enabled global group
Subject:
Security ID: ...
Account Name: ...
Account Domain: ...
Logon ID: ...
Member:
Security ID: ... <--
Account Name: ...
Group:
Security ID: ...
Group Name: ...
Group Domain: ...
Additional Information:
...
So if the line which starts with "Security ID" inside of "Member" does NOT contain a $-sign then I need the output of the regex to be "Security ID: ..." otherwise there should be no output.
I tried some different things, but I don't get I working totally right:
/(?<=Member:[\n]).*(Security ID:((?![$]).)*)(?=[\n].*Account Name:)/s
--> Wrong if there is a line between "Security ID ..." and "Account Name ..." and seams to give back two matches.
So maybe someone can help me with that. ;)
UPDATE:
How to do it if there can also be multiple lines between "Member" and "Security ID"?
UPDATE2:
Actually this is what I meant:
/(?m)^(?<=Member:[\n])(?:.|\n)*?(Security ID:[^$\n]*$)(?:.|\n)*?(?=Group:[\n])/
Thanks for your help Robin & AdamK otherwise I were still looking to get it right! :)
Greetings,
Cédric
The hard part is to distinguish one section (Subject, Member...) from another: we don't want to match any Security ID. This regex relies on the two spaces indentation to distinguish those.
The wanted line is captured in the first capturing group, see demo here.
(?m)Member:\n(?: .*\n|\n)*?(^ *Security ID:[^$\n]*$)
(?m) is just the inline way of turning on the multiline flag m
^[^$\n]*$ matches only lines not containing $
\S matches anything but any sort of whitespace (no newline, tab...)
(?: \S.*\n)*? matches any number of lines indented by two spaces