Greetings all.

I'm writing a script to parse syslog messages from a Cisco VPN Concentrator. Each line contains a number of fields, including a "message field". I'm using regular expressions to grab the data I need from these message fields based on the message type.

In one particular case (Administrative user login if you want to know) the lines look like this:

Mar 3 11:29:11 10.20.20.2 8194 03/03/2003 13:15:37.330 SEV=5 AUTH/36 RPT=29 User [ admin ] Protocol [ Telnet ] attempted ADMIN logon.. Status: <ACCESS GRANTED> !

I want to grab the user name from the message string. After using split() to isolate the different fields I want, I tried using a regular expression to get the name:

$user=~s/.+\[[ ]+(.+)[ ]+\].+/$1/;

Unfortunately, this regular expression returns the second element between brackets. In the sample line above, it would return "Telnet". I ended up finding a solution using split:

(undef,$user,undef)=split(/\[ | \]/,$message,3);

Because, as always, TMTOWTDI. However, I'm curious as to what is wrong with my regular expression. I went to the camel and tried several iterations of the regular expression we see above, but no joy. Anyone care to shed some light on the situation?


In reply to My regex is too greedy! by hans_moleman
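
As an added example (not part of the original post), the script below runs the post's substitution, a non-greedy variant, and an anchored parser over the same input, so the difference in what each one extracts can be seen side by side. The helper name parse_admin_logon, the second sample line, and the assumption that the message field begins at "User" are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed samples: the message field of the post's log line, plus a
# line of a different type that has no bracketed fields at all.
my @messages = (
    'User [ admin ] Protocol [ Telnet ] attempted ADMIN logon.. '
        . 'Status: <ACCESS GRANTED> !',
    'Some other message type without brackets',
);

# Anchored parser (hypothetical helper). [^\]]* cannot cross a closing
# bracket, so each capture stays inside its own pair, and a line that does
# not fit the expected layout yields nothing instead of a wrong value.
sub parse_admin_logon {
    my ($msg) = @_;
    return unless $msg =~ m{
        \A User \s+ \[ \s* ([^\]]*?) \s* \]       # first pair: user name
        \s+ Protocol \s+ \[ \s* ([^\]]*?) \s* \]  # second pair: protocol
        \s+ attempted \s+ ADMIN \s+ logon \.* \s+
        Status: \s+ < ([^>]+) >
    }x;
    return { user => $1, protocol => $2, status => $3 };
}

for my $message (@messages) {
    # The post's substitution: the leading .+ is greedy, so the engine
    # gives back only enough to reach the LAST "[ ... ]" pair. When nothing
    # matches, s/// leaves the whole message in the variable.
    (my $greedy = $message) =~ s/.+\[[ ]+(.+)[ ]+\].+/$1/;

    # Minimal change: non-greedy quantifiers stop at the FIRST pair.
    (my $lazy = $message) =~ s/.+?\[[ ]+(.+?)[ ]+\].+/$1/;

    my $rec = parse_admin_logon($message);
    print "greedy : $greedy\n";
    print "lazy   : $lazy\n";
    print "parsed : ", ($rec
        ? "user=$rec->{user} protocol=$rec->{protocol} status=$rec->{status}"
        : "no match, line skipped"), "\n\n";
}
```

For login auditing, the second sample is the case to watch: both substitutions leave the entire message in the "user" variable when the pattern does not match, while the anchored parser reports no match.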
