in reply to Re^4: Perl Regex
in thread Perl Regex

I think this maybe because I am splitting the fields by space and there is a space after msg="database:space I am trying to match my regex on two fields. 
20 Nov 17:43:1 10 28 2010 02:18:33: date=2010-10-28 time=00:27:54 log_
+id=2 type=ips subtype=signature pri=alert fwver=040002 severity=mediu
+m carrier_ep="N/A" profile="IPS" src=X.X.X.X dst=X.X.X.X src_int="wan
+1" dst_int="internal" policyid=2 status=detected proto=17 service=143
+4/udp vd="root" count=1 src_port=111 dst_port=80 attack_id=10328 sens
+or="IPS_sensor" ref="http://www.fortinet.com/ids/VID10328" user="N/A"
+ group="N/A" incident_serialno=2004954881 msg="database: MS.SQL.Serve
+r.Resolution.Service.Stack.Overflow"

[download]

Replies are listed 'Best First'.
Re^6: Perl Regex
by CountZero (Bishop) on Nov 23, 2010 at 16:31 UTC
    Yes, that is exactly where your problem is. You are not matching the whole line in the log-file, but only a part of it.

    Perhaps you have to rethink your approach and not split the log-lines by spaces, but craft individual regexes for each field.

    CountZero

    A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

[reply]

In Section Seekers of Perl Wisdom