syslog - Conditional Regex, how to extract a subset of a match? -


i have syslog strings, this:

lwiod[2469]: s-1-5-21-2071757552-4033313730-2397045981-3628|0xc94f000|logon|status_success|10.10.19.10|10.10.42.40|company\username lwiod[2469]: s-1-5-21-2071757552-4033313730-2397045981-3628|0xc94f000|logon|status_success|10.10.19.10|10.10.42.40|username@company lwiod[2469]: s-1-5-21-2071757552-4033313730-2397045981-3628|0xc94f000|logon|status_success|10.10.19.10|10.10.42.40|unknown

and have regexp capture need, this:

lwiod\[([0-9]+)\]: (.*)\|(.*)\|logon\|status_(.*)\|(.*)\|(.*)\|(company\\.*|.*\@company|unknown)

what need regexp give me username or unknown in field 7 only, don't want company (which ad domain name), i'm having trouble.

field 1 s-1-5-21-2071757552-4033313730-2397045981-3628, 2 0xc94f000, ... , 7 username or unknown.

thanks!

okay, guess use this?

lwiod\[([0-9]+)\]: (.*)\|(.*)\|logon\|status_(.*)\|(.*)\|(.*)\|(?:company\\)?(unknown|[^@]+)(?:@)?

from current regex, appears company is, assumed same. otherwise, guess can use

lwiod\[([0-9]+)\]: (.*)\|(.*)\|logon\|status_(.*)\|(.*)\|(.*)\|(?:[^\\]*\\)?(unknown|[^@]+)(?:@)?


Comments

Post a Comment

Popular posts from this blog

matlab - Deleting rows with specific rules -

i got 20*3 cell array , need delete rows contains "137", "2" , "n:t" origin data: 't' '' '' 'np(*)' '' '' [ 137] '' '' [ 2] '' '' 'are' 'and' 'np(fcc_a1#1)' '' '' '1:t' [ 1200] [0.7052] '' [1.2051e+03] [0.7076] '' 'are' 'and' 'np(fcc_a1#3)' '' '' '2:t' [ 1200] [0.0673] '' [1.2051e+03] [0.0671] '' 'are' 'and' 'np(m23c6)' '' '' '3:t' [ 1200] [0.227...
Read more

php - MySQLi multi_query results for later use -

i using mysqli multi_query work several select statemets @ time. know how handle results, able use them later in code. example: <?php //connection stuff $query = "select name, surname database1;"; $query.= "select car, year, type database2 carid='1';"; $query.= "select product, price database3;"; if ($mysqli->multi_query($query)) { if($result = $mysqli->store_result()) { while($row = $result->fetch_row()) { --> here? } } } ?> <html> <div id='persona'> <?php foreach() { --> print name + surname } ?> </div> <div id='cars'> <?php foreach() { --> print car + year + type } ?> </div> <div id='product'> <?php foreach() { --> print product + price } ?> </div> </html> one more thing, prepared statements not possible when using multiple_query, right? there no benefit in putting unrelated queries in 1 multi ...
Read more