in reply to Cisco Log Files: broken REGEX

All I can see in a quick scan is you don't seem to be accounting for the square brackets around the MIB-like thing after the timestamp.

Am I nuts?
--
Mike

Re: Re: Cisco Log Files: broken REGEX
by blue_cowdawg (Monsignor) on Aug 21, 2003 at 23:35 UTC

    Good news: You were right and I missed the square braces.
    Bad news: It is still broke after I fixed it.

    Here's the new regex:

    m@^([A-Z][a-z]+\s+\d+\s+\d+\:\d+\:\d+)\s+\[([\.\d]+)\]\s+(\d+)\:\s+([A-Z][a-z]+\s+\d+\s+\d+\:\d+\:\d+)\s+([A-Z]{3})\:\s+\%SEC\-6\-[A-Z]+\:\s+list\s+\d+([a-z]+)\s+([a-z]+)\s+(\d+\.\d+\.\d+\.\d+)\s+\-\>\s+(\d+\.\d+\.\d+\.\d+)\s+\(\d+\/\d+\)\,\s+(\d)\s+packet$@


    Peter @ Berghold . Net

    Seize the cow! Bite the day!

    Nobody expects the Perl inquisition!

    Test the code? We don't need to test no stinkin' code!
    All code posted here is as is where is unless otherwise stated.

    Brewer of Belgian style Ales

      Hehe, I figured that out myself once I whipped up a test bench.

      I still don't have it working, but I do have a few suggestions.

      Don't escape everything in sight, you'll go nuts. : and , don't need \, really.

      m@@x is your friend.

      Could you detect what you need to extract without matching the whole line? Note that ICMP and TCP have different "port" parts, so making a general regex is gonna bite.

      Anyhow, here's my test bench, with my latest non-working version of the regex:


      --
      Mike
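
The suggestions in the reply above (use the /x modifier, and key on the fields you need instead of matching the whole line) worked through as an added example; this is not code from either poster. The sample lines are constructed from the field layout in the posted regex, and the TCP `addr(port)` and ICMP `(type/code)` layouts are assumed from standard IOS access-list log messages.

```perl
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;

# Start at the %SEC-6- tag, so the syslog prefix (timestamps, bracketed
# source, sequence number) never has to match. Ports and ICMP type/code
# are optional groups, so one pattern covers both message layouts.
my $acl_re = qr{
    %SEC-6-(?<tag>[A-Z]+): \s+
    list \s+ (?<acl>\S+) \s+
    (?<action>permitted|denied) \s+
    (?<proto>[a-z0-9]+) \s+
    (?<src>\d+\.\d+\.\d+\.\d+)
    (?: \( (?<sport>\d+) \) )?              # tcp and udp: port glued to address
    \s* -> \s*
    (?<dst>\d+\.\d+\.\d+\.\d+)
    (?: \( (?<dport>\d+) \) )?
    (?: \s+ \( (?<type>\d+) / (?<code>\d+) \) )?   # icmp: type and code
    , \s+ (?<count>\d+) \s+ packets?
}x;

# Returns a hashref of the named fields, or nothing if the line is not an
# access-list hit. Optional groups that did not match are simply absent.
sub parse_acl_line {
    my ($line) = @_;
    return unless $line =~ $acl_re;
    my %f = %+;
    return \%f;
}

# The lines under __DATA__ are constructed samples, not real router output.
while (my $line = <DATA>) {
    chomp $line;
    my $f = parse_acl_line($line);
    unless ($f) { say "SKIP    $line"; next; }
    my $detail = defined $f->{type}
        ? "icmp type $f->{type} code $f->{code}"
        : 'ports ' . ($f->{sport} // '-') . ' -> ' . ($f->{dport} // '-');
    printf "%-7s %-4s %s -> %s  %s  x%d\n",
        @{$f}{qw(action proto src dst)}, $detail, $f->{count};
}

__DATA__
Aug 21 19:12:01 [192.0.2.1] 4821: Aug 21 19:12:00 EDT: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4431) -> 192.0.2.20(25), 1 packet
Aug 21 19:12:05 [192.0.2.1] 4822: Aug 21 19:12:04 EDT: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.7 -> 192.0.2.20 (8/0), 3 packets
Aug 21 19:12:09 [192.0.2.1] 4823: Aug 21 19:12:08 EDT: %SYS-5-CONFIG_I: Configured from console by vty0
```

Lines the pattern does not recognise are printed with a SKIP prefix rather than dropped, so a new message layout shows up in the output instead of silently vanishing from the report.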