in reply to Re: Cisco Log Files: broken REGEX
in thread Cisco Log Files: broken REGEX

Good news: You were right and I missed the square braces.
Bad news: It is still broke after I fixed it.

Here's the new regex:

m@^([A-Z][a-z]+\s+\d+\s+\d+\:\d+\:\d+)\s+\[([\.\d]+)\]\s+(\d+)\:\s+([A-Z][a-z]+\s+\d+\s+\d+\:\d+\:\d+)\s+([A-Z]{3})\:\s+\%SEC\-6\-[A-Z]+\:\s+list\s+\d+([a-z]+)\s+([a-z]+)\s+(\d+\.\d+\.\d+\.\d+)\s+\-\>\s+(\d+\.\d+\.\d+\.\d+)\s+\(\d+\/\d+\)\,\s+(\d)\s+packet$@


Peter @ Berghold . Net

Seize the cow! Bite the day!

Nobody expects the Perl inquisition!

Test the code? We don't need to test no stinkin' code!
All code posted here is as is where is unless otherwise stated.

Brewer of Belgian style Ales

Re: Re: Re: Cisco Log Files: broken REGEX
by RMGir (Prior) on Aug 21, 2003 at 23:42 UTC
    Hehe, I figured that out myself once I whipped up a test bench.

    I still don't have it working, but I do have a few suggestions.

    Don't escape everything in sight, you'll go nuts. : and , don't need \, really.

    m@@x is your friend.

    Could you detect what you need to extract without matching the whole line? Note that ICMP and TCP have different "port" parts, so making a general regex is gonna bite.

    Anyhow, here's my test bench, with my latest non-working version of the regex:


    --
    Mike
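
An added example, not part of either post: one way to apply the suggestions above, using m{}x with minimal escaping, matching only from %SEC-6- onward, and using optional groups for the differing TCP/UDP and ICMP "port" parts. The sample lines are constructed from the layout the parent post's regex implies; parse_acl_line and the capture names are chosen here for illustration.

```perl
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;

# Constructed sample lines (documentation addresses), laid out the way the
# regex in the parent post expects: syslog stamp, [router], sequence, message.
my @lines = (
    'Aug 21 19:40:01 [192.0.2.1] 1041: Aug 21 19:40:00 EDT: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.7 -> 203.0.113.9 (8/0), 1 packet',
    'Aug 21 19:40:05 [192.0.2.1] 1042: Aug 21 19:40:04 EDT: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4312) -> 203.0.113.9(80), 3 packets',
    'Aug 21 19:40:09 [192.0.2.1] 1043: Aug 21 19:40:08 EDT: %SYS-5-CONFIG_I: Configured from console',
);

my $ip = qr/\d{1,3}(?:\.\d{1,3}){3}/;

# Not anchored to ^: the syslog prefix is ignored, only the ACL message is matched.
my $acl = qr{
    %SEC-6-(?<tag>[A-Z]+): \s+
    list \s+ (?<list>\S+) \s+                      # ACL number or name
    (?<action>permitted|denied) \s+
    (?<proto>\S+) \s+
    (?<src>$ip) (?: \( (?<sport>\d+) \) )?         # tcp/udp: port glued to address
    \s+ -> \s+
    (?<dst>$ip) (?: \( (?<dport>\d+) \) )?
    (?: \s+ \( (?<type>\d+) / (?<code>\d+) \) )?   # icmp: (type/code) after dst
    , \s+ (?<count>\d+) \s+ packets? \s* \z
}x;

# Returns a hashref of the named captures, or nothing if the line is not an ACL hit.
sub parse_acl_line {
    my ($line) = @_;
    return unless $line =~ $acl;
    my %hit = %+;    # optional groups that did not match are simply absent
    return \%hit;
}

for my $line (@lines) {
    my $hit = parse_acl_line($line);
    unless ($hit) { say "skipped: $line"; next; }
    my $extra = defined $hit->{type}
        ? "type $hit->{type} code $hit->{code}"
        : "sport " . ($hit->{sport} // '-') . " dport " . ($hit->{dport} // '-');
    say "$hit->{action} $hit->{proto} $hit->{src} -> $hit->{dst} ($extra) x$hit->{count}";
}
```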