Re^4: Perl Regex

It's not working means I do not get any output when I print $msg, I expect it to print the actual string from log, I have mentioned this in my first post. Here is the log file inside code:

20 Nov 17:43:1 10 28 2010 02:18:33: date=2010-10-28 time=00:27:54 log_
+id=2 type=ips subtype=signature pri=alert fwver=040002 severity=mediu
+m carrier_ep="N/A" profile="IPS" src=X.X.X.X dst=X.X.X.X src_int="wan
+1" dst_int="internal" policyid=2 status=detected proto=17 service=143
+4/udp vd="root" count=1 src_port=111 dst_port=80 attack_id=10328 sens
+or="IPS_sensor" ref="http://www.fortinet.com/ids/VID10328" user="N/A"
+ group="N/A" incident_serialno=2004954881 msg="database: MS.SQL.Serve
+r.Resolution.Service.Stack.Overflow"
[download]

All other fields are matching and working fine except this one.
I tried debugging and regex matches the string but not when I run my perl script.

  DB<10> $msg = q(some_fields msg="http_decoder: HTTP.Unknown.Tunnelli
+ng" some_fields)

  DB<11> x $ msg
0  'some_fields msg="http_decoder: HTTP.Unknown.Tunnelling" some_field
+s'
  DB<12> x $msg =~/msg=\"(.*?)\"/         
0  'http_decoder: HTTP.Unknown.Tunnelling'

  DB<13> x $msg =~ /msg=\"+((?:([^:,]+):\s|)([^,]+?)\s*(?:\s*,.*?|))\"
++/
0  'http_decoder: HTTP.Unknown.Tunnelling'
1  'http_decoder'
2  'HTTP.Unknown.Tunnelling'
[download]

Comment on Re^4: Perl Regex Select or Download Code

Replies are listed 'Best First'.
Re^5: Perl Regex by cipher (Acolyte) on Nov 23, 2010 at 11:53 UTC
I think this maybe because I am splitting the fields by space and there is a space after msg="database:space I am trying to match my regex on two fields. 20 Nov 17:43:1 10 28 2010 02:18:33: date=2010-10-28 time=00:27:54 log_ +id=2 type=ips subtype=signature pri=alert fwver=040002 severity=mediu +m carrier_ep="N/A" profile="IPS" src=X.X.X.X dst=X.X.X.X src_int="wan +1" dst_int="internal" policyid=2 status=detected proto=17 service=143 +4/udp vd="root" count=1 src_port=111 dst_port=80 attack_id=10328 sens +or="IPS_sensor" ref="http://www.fortinet.com/ids/VID10328" user="N/A" + group="N/A" incident_serialno=2004954881 msg="database: MS.SQL.Serve +r.Resolution.Service.Stack.Overflow" [download]	[reply] [d/l]
Re^6: Perl Regex by CountZero (Bishop) on Nov 23, 2010 at 16:31 UTC
Yes, that is exactly where your problem is. You are not matching the whole line in the log-file, but only a part of it. Perhaps you have to rethink your approach and not split the log-lines by spaces, but craft individual regexes for each field. CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James	[reply]