brian_appliedcpu

asked on

Regex Optional Items

I am trying to parse the following text string example. The variations of text strings make it necessary to have most of the string matches optional. Could anyone help me figure this out?
The (www.bob.com) is sometimes there and sometimes not, and its location often varies, but it always comes after the first IP.


Sub Main1()
    Dim s1 As String, A As String, B As String, S As String, D As String, N As String
    Dim RegEx, RegO, Matches, SubM
    Set RegEx = CreateObject("vbscript.regexp")
    ' Groups: 1 = label, 2 = IP address, 3 = bracketed hostname (the /port is non-capturing)
    RegEx.Pattern = "(src outside:)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\/\d+\b)?\s{1}(\(.+?\))"
    RegEx.Global = True
    s1 = ":%PIX-4-402106: Deny tcp src outside:1.1.1.2/80 dst (www.bob.com) inside:123.124.129.123/5694 by access-group outside_access_in"
    Set RegO = RegEx.Execute(s1)
    For Each Matches In RegO
        Set SubM = Matches.SubMatches
        Select Case SubM(0)
            Case "src outside:"
                A = SubM(1)
                S = SubM(2)
            Case "remote:"
                B = SubM(1)
                D = SubM(2)
        End Select
    Next
    MsgBox A & " " & S & vbNewLine & B & " " & D & vbNewLine & N
End Sub
Dave

Hi Brian,

The current pattern isn't matching the string, as this portion, (?:\/\d+\b)?\s{1}(\(.+?\)), is looking for
/number... space... bracketed text
but the string is
/number... space... text... bracketed text
/80 dst (www.bob.com)

If you try the pattern below, it will take anything after the /number and before the (text) as a wildcard.

Sub Main1()
    Dim s1 As String, A As String, B As String, S As String, D As String, N As String, Z As String
    Dim RegEx, RegO, Matches, SubM
    Set RegEx = CreateObject("vbscript.regexp")
    ' Groups: 1 = label, 2 = IP address, 3 = optional /port, 4 = bracketed hostname
    ' The lazy .+? skips whatever sits between the port and the first "(".
    RegEx.Pattern = "(src outside:)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\/\d+\b)?.+?(\(.+?\))"
    RegEx.Global = True
    s1 = ":%PIX-4-402106: Deny tcp src outside:1.1.1.2/80 dst (www.bob.com) inside:123.124.129.123/5694 by access-group outside_access_in"
    Set RegO = RegEx.Execute(s1)
    For Each Matches In RegO
        Set SubM = Matches.SubMatches
        Select Case SubM(0)
        Case "src outside:"
            A = SubM(1)
            S = SubM(2)
            Z = SubM(3)
        Case "remote:"
            B = SubM(1)
            D = SubM(2)
        End Select
    Next
    MsgBox A & " " & S & " " & Z & vbNewLine & B & " " & D & vbNewLine & N
End Sub

Cheers

Dave
brian_appliedcpu

ASKER

Ok... but sometimes the (bob.com) is not there; can this be made optional?

Here is an oddball string where there is no / after the IP number, but it does have a (www.bob.com) followed by an additional (0). I don't care at this point about the (0), but I do need the (www.bob.com).

:%PIX-3-106100: access-list acl_inbound denied icmp outside/1.1.2.3 (customermex-148-244-192-88.alestra.net.mx) (0) -> dmz/66.193.215.3 (bible-web.bbnradio.org) (8) hit-cnt 2 (300-second interval)
Brian,

The code below doesn't do exactly what I'd expect. It works for the case you want above, but if I try the line
"%PIX-3-106100: access-list acl_inbound denied icmp outside/1.1.2.3 customermex-148-244-192-88.alestra.net.mx (0) -> dmz/66.193.215.3 (bible-web.bbnradio.org) (8) hit-cnt 2 (300-second interval)"
it should return
1.1.2.3 (0)
but it returns
1.1.2.3
I will keep checking this.

Rather than match
"src outside"
it needs to match
"outside/"

Cheers

Dave

Sub Main1()
    Dim s1 As String, A As String, B As String, S As String, D As String, N As String, Z As String
    Dim RegEx, RegO, Matches, SubM
    Set RegEx = CreateObject("vbscript.regexp")
    ' Groups: 1 = label, 2 = IP address, 3 = optional /port, 4 = optional bracketed hostname
    RegEx.Pattern = "(outside\/)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\/\d+)?.+?(\(.+?\))?"
    RegEx.Global = True
    s1 = ":%PIX-3-106100: access-list acl_inbound denied icmp outside/1.1.2.3 (customermex-148-244-192-88.alestra.net.mx) (0) -> dmz/66.193.215.3 (bible-web.bbnradio.org) (8) hit-cnt 2 (300-second interval)"
    Set RegO = RegEx.Execute(s1)
    For Each Matches In RegO
        Set SubM = Matches.SubMatches
        Select Case SubM(0)
        Case "outside/"
            A = SubM(1)
            S = SubM(2)
            Z = SubM(3)
        Case "remote:"
            B = SubM(1)
            D = SubM(2)
        End Select
    Next
    MsgBox A & " " & S & " " & Z & vbNewLine & B & " " & D & vbNewLine & N
End Sub
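Why the pattern above stops short is a general property of a lazy `.+?` followed by an optional group: the optional group is satisfied by the empty string, so the engine commits after one character unless a "(" happens to be the very next token. The comparison below is an added example, not code from this thread; it uses Python's re module in place of VBScript's RegExp (both are backtracking engines and behave the same on these constructs). The three input lines are the ones quoted in the thread. The anchored pattern, and the rule that a hostname must contain a letter (so a bare "(0)" is not mistaken for one), are my assumptions.

```python
import re

# Constructed input: the three PIX lines quoted in this thread.
SAMPLES = [
    ":%PIX-4-402106: Deny tcp src outside:1.1.1.2/80 dst (www.bob.com) inside:123.124.129.123/5694 by access-group outside_access_in",
    ":%PIX-3-106100: access-list acl_inbound denied icmp outside/1.1.2.3 (customermex-148-244-192-88.alestra.net.mx) (0) -> dmz/66.193.215.3 (bible-web.bbnradio.org) (8) hit-cnt 2 (300-second interval)",
    "%PIX-3-106100: access-list acl_inbound denied icmp outside/1.1.2.3 customermex-148-244-192-88.alestra.net.mx (0) -> dmz/66.193.215.3 (bible-web.bbnradio.org) (8) hit-cnt 2 (300-second interval)",
]

LABEL = r"(outside/|src outside:)"            # group 1: which prefix matched
IP = r"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"   # group 2: the address
PORT = r"(/\d+)?"                              # group 3: optional /port

# Dave's pattern: a lazy `.+?` followed by an optional group. The optional
# group matches the empty string, so the engine stops one character after the
# address unless "(" is the very next token.
LAZY_THEN_OPTIONAL = re.compile(LABEL + IP + PORT + r".+?(\(.+?\))?")

# Anchored form (my assumption, not from the thread): the optional tail is
# "whitespace, some non-bracket text, then (host)". The skipped text may not
# contain brackets, and a host must contain a letter, so a bare "(0)" after the
# address cannot satisfy the group and no host is reported instead of a wrong one.
HOST = r"\(([^()\s]*[A-Za-z][^()\s]*)\)"        # group 4: the host without its brackets
ANCHORED = re.compile(LABEL + IP + PORT + r"(?:\s[^()]*?" + HOST + r")?")


def extract(pattern, line):
    """Return (ip, port, host) for the first match, with None for absent parts."""
    m = pattern.search(line)
    if m is None:
        return None
    ip, port, host = m.group(2), m.group(3), m.group(4)
    return (
        ip,
        port.lstrip("/") if port else None,
        host.strip("()") if host else None,   # LAZY captures the brackets, ANCHORED does not
    )


if __name__ == "__main__":
    for line in SAMPLES:
        print("lazy:    ", extract(LAZY_THEN_OPTIONAL, line))
        print("anchored:", extract(ANCHORED, line))
```

On the first line the lazy form returns no host at all, because " dst " sits between the port and the bracket; the anchored form skips that text and returns www.bob.com. On the third line (host without brackets, then "(0)") both return no host, which is the safer answer for a parser that feeds a shun decision: an empty field is easier to notice than a hostname of "0".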
I am about ready to quit and hire someone to do this for me....
I have broken the routine into two parts, one for the source and one for the destination.
Unfortunately I am having an issue with some of the messages, since they have the word interface in them.
That is not the only issue I am having though....
I have included all of the known strings for M; NR means Not Required, ng means no good (it doesn't work).
Would you take a look at this?

Also, if I want them as two separate sections, can I split them up? i.e. run through for the source stuff and then below run through the destination stuff.
I thought I could just
'*****************************
    Set RegP = RegEx.Execute(N)
    For Each Matches In RegP
        Set SubN = Matches.SubMatches
        Select Case SubN(0)
' etc.....
' **********************


Option Explicit
Sub Main()

    Dim M As String

    Dim RegEx, RegO, Matches, SubM
    Dim Broken As String
    Dim CiscoMessID As Long
    Dim DateOfMessage As String
    Dim errMessage As String
    Dim errStr As String
    Dim FirewallIP As String
    Dim FirewallPW As String
    Dim FirewallEN As String
    Dim FirewallSSH As String
    Dim InstancesOfShun As Integer
    Dim Item1 As String
    Dim Item2 As String

    Dim MessExp As String
    Dim MessAction As String
    Dim OffenderDNS As String
    Dim OffenderPT As String
    Dim OffenderIP As String
    Dim OldShunState As String
    Dim PermanentShun As String

    Dim SafeIP As String
    Dim ShunSec As Integer
    Dim ShunState As String
    Dim TargetDNS As String
    Dim TargetPT As String
    Dim TargetIP As String
    Dim TimeOfMessage As String
    Dim TimeOfShun As String
    Dim Shun1 As String
    Dim TimeOfIncident As Date
    Dim TargetInterface As String


' M = ":%PIX-3-106100: access-list acl_inbound denied icmp outside/1.1.2.2 (customermex-148-244-192-88.alestra.net.mx) (0) -> dmz/66.193.215.3 (bible-web.bbnradio.org) (8) hit-cnt 2 (300-second interval)"
' M = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123 (bob.com) /80 dst interface inside 0 /5694 by ""access-group"""
' M = ":%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 65.6.136.15 (adsl-065-006-136-015.sip.clt.bellsouth.net) , src_addr= 24.93.90.231 (clt90-231.carolina.rr.com) , prot= tcp"
' M = ":%PIX-4-500004: Invalid transport field for protocol=6, from 200.82.95.177 (host177.200-82-95.telecom.net.ar) /0 to 66.193.215.7 (66-193-215-7.gen.twtelecom.net) /25"
' M = ":%PIX-3-710003: TCP access denied by ACL from 217.175.237.188 (s-am4.aman.de) /55286 to outside:65.6.136.15 (adsl-065-006-136-015.sip.clt.bellsouth.net) /ssh"
' M = ":%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 65.6.136.15 (adsl-065-006-136-015.sip.clt.bellsouth.net) , src_addr= 218.14.128.202 (unresolved) , prot= tcp"
' M = ":%PIX-3-313001: Denied ICMP type=11, code=0 from 166.90.128.161 (ge-4-0-218.ipcolo2.SanFrancisco1.Level3.net)  on interface 0"
' Sample Messages
'M = "%PIX-1-107001: RIP auth failed from 1.1.1.1: version=number, type=string, mode=string, sequence=number on interface inside"
'M = "%PIX-1-107002: RIP pkt failed from 1.1.1.1: version=number on interface inside"
'x M = "%PIX-4-109017: User at 1.1.1.1 exceeded auth proxy connection limit (max)"
'M = "%PIX-2-201003: Embryonic limit exceeded nconns/elimit for 1.1.1.1/25 (global_address) 2.2.2.2/80 on interface outside"
'ng M = "%PIX-4-209003: Fragment database limit of number exceeded: src = 1.1.1.1,dest = 2.2.2.2, proto = protocol, id = number"
'M = "%PIX-6-308001: PIX console enable password incorrect for number tries (from 1.1.1.1)"
'ng M = "%PIX-2-106020: Deny IP teardrop fragment (size = number, offset = number) from 1.1.1.1 to 2.2.2.2"
' M = "%PIX-1-106022: Deny protocol connection spoof from 1.1.1.1 to 2.2.2.2 on interface inside"
'M = "%PIX-4-402102: decapsulate: packet missing {AH|ESP}, destadr=2.2.2.2, actual prot=protocol"
M = "%PIX-4-402103: identity doesn't match negotiated identity (ip) dest_address= 2.2.2.2, src_addr= 1.1.1.1, prot= protocol, (ident) local=2.2.2.2, remote=1.1.1.1, local_proxy=IP_address/IP_address/port/port, remote_proxy=2.2.2.2/IP_address/port/port"
'ng M = "%PIX-4-403109: Rec'd packet not an PPTP packet. (ip) dest_address= 1.1.1.1, src_addr= 2.2.2.2, data:"
'ng M = "%PIX-7-710005: request discarded from 1.1.1.1/25 to outside:2.2.2.2/service"
'M = "%PIX-3-710003: {TCP|UDP} access denied by ACL from 1.1.1.1/25 to inside:2.2.2.2/service"
'M = "%PIX-4-500004: Invalid transport field for protocol=protocol, from 1.1.1.1/25 to 2.2.2.2/80"
'M = "%PIX-4-402106: Rec'd packet not an IPSEC packet (ip) dest_address= 2.2.2.2, src_addr= 1.1.1.1, prot= protocol"
'M = "%PIX-4-106023: Deny protocol src outside:1.1.1.1/25] dst interface inside:2.2.2.2/80 [type {string}, code {code}] by access_group acl_ID"
'M = "%PIX-1-106021: Deny protocol reverse path check from 1.1.1.1 to 2.2.2.2 on interface interface_name"
'M = "%PIX-2-106016: Deny IP spoof from 1.1.1.1 to 2.2.2.2 on interface inside."
'M = "%PIX-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 2.2.2.2"
'M = "%PIX-3-313001: Denied ICMP type=number, code=code from 1.1.1.1 on interface inside"
'NR M = "%PIX-4-313003: Invalid destination for ICMP error"
'M = "%PIX-4-402101: decaps: rec'd IPSEC packet has invalid spi for destaddr=2.2.2.2, prot=protocol, spi=number"
'Not Required M = "%PIX-1-106101 The number of ACL log deny-flows has reached limit (number)."
'NR M = "%PIX-3-302302: ACL = deny; no sa created"
'NR   M = "%PIX-3-407002: Embryonic limit neconns/elimit for through connections exceeded.1.1.1.1/25 to global_address (2.2.2.2)/80 on interface outside"
'NR M = "%PIX-7-701001: alloc_user() out of Tcp_user objects"
'NR M = "%PIX-4-405002: Received mac mismatch collision from 1.1.1.1/mac_address for authenticated host"
'  End of sample Messages
   
    Set RegEx = CreateObject("vbscript.regexp")

' Now identify the Firewall Interfaces
' Parsing string for destination Target

'RegEx.Pattern = "(dest = |dest_address= |destadr= |destaddr= |dst_addr= |dest_addr= |inside:|outside:|dmz:|dmz\/|inside\/)                      (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\/\d+\b)?\s{0,1}(\(.+?\))|(interface)\b.+\?\b(\d)\b|(interface inside|interface outside|interface dmz)"
'RegEx.Pattern = "(dest_address= |outside:|outside\/|remote= |from |from                                                        \()(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\/\d+)?.+?(\(.+?\))?"
    ' Three alternatives: an address (groups 1-3), "interface <digit>" (groups 4-5),
    ' or a named interface (group 6). SubMatches are zero-based, so group n is SubM(n-1).
    RegEx.Pattern = "(dest = |dest_address= |destadr= |destaddr= | inside:| to |dest_addr= |to outside:|dst outside:|dst_addr= |dmz:|dmz\/|inside\/)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\/\d+\b)?\s{1,1}(\(.+?\))|(interface)\b.+\?\b(\d)\b|(interface inside|interface outside|interface dmz)"
    RegEx.Global = True
    Set RegO = RegEx.Execute(M)
    For Each Matches In RegO
        Set SubM = Matches.SubMatches
        Select Case SubM(0)
        ' The label compared here is the text group 1 captured, so each Case value
        ' must equal one of the pattern's alternatives exactly, leading spaces included.
        Case "dest = ", "dest_address= ", "destadr= ", "destaddr= ", " inside:", " to ", _
             "dest_addr= ", "to outside:", "dst outside:", "dst_addr= ", "dmz:", "dmz/", "inside/"
            TargetIP = SubM(1)
            TargetDNS = SubM(2)
            TargetInterface = SubM(3)
        Case "dst interface "
            ' Not among the pattern's alternatives above, so this branch is never reached as written.
            TargetIP = SubM(1)
            TargetDNS = SubM(2)
            TargetInterface = SubM(3)
        Case ""
            ' One of the interface alternatives matched instead of an address
            If SubM(3) = "interface" Then TargetIP = SubM(4)
            If SubM(3) = Empty Then TargetIP = SubM(5)
        Case Else
        End Select
    Next

    ' Translate an interface number or name into a readable label;
    ' a real address falls through unchanged.
    Select Case TargetIP
    Case "inside", "1"
        TargetIP = "Firewall Interface Inside"
    Case "0"
        TargetIP = "Firewall Interface Outside"
    Case "2"
        TargetIP = "Firewall Interface DMZ"
    Case "3"
        TargetIP = "Firewall Interface DMZ 2"
    Case "4"
        TargetIP = "Firewall Interface DMZ 3"
    Case "5"
        TargetIP = "Firewall Interface DMZ 4"
    Case "6"
        TargetIP = "Firewall Interface DMZ 5"
    Case "7"
        TargetIP = "Firewall Interface DMZ 6"
    Case "8"
        TargetIP = "Firewall Interface DMZ 7"
    Case "9"
        TargetIP = "Firewall Interface DMZ 8"
    End Select

    MsgBox "TargetIP is " & TargetIP
    MsgBox "TargetDNS is " & TargetDNS
    MsgBox "TargetInterface is " & TargetInterface

End Sub
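The source/destination split Brian describes, written as two independent passes over the same message, as an added example that is not code from this thread. It is Python (re in place of VBScript's RegExp, which accepts the same constructs), and it assumes the label lists and the interface-number table from the code above; the four input lines are constructed from the sample messages Brian listed. One pattern builder serves both passes, a port may appear either directly after the address or after the bracketed host, and a destination that names a firewall interface rather than an address is mapped through the table. The ipaddress check is my addition: \d{1,3} also accepts octets such as 999, and a shun script should not act on an address that cannot exist.

```python
import ipaddress
import re

# Constructed input, copied from the sample messages listed above.
SAMPLES = [
    ":%PIX-3-106100: access-list acl_inbound denied icmp outside/1.1.2.2 (customermex-148-244-192-88.alestra.net.mx) (0) -> dmz/66.193.215.3 (bible-web.bbnradio.org) (8) hit-cnt 2 (300-second interval)",
    ":%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 65.6.136.15 (adsl-065-006-136-015.sip.clt.bellsouth.net) , src_addr= 24.93.90.231 (clt90-231.carolina.rr.com) , prot= tcp",
    ":%PIX-3-710003: TCP access denied by ACL from 217.175.237.188 (s-am4.aman.de) /55286 to outside:65.6.136.15 (adsl-065-006-136-015.sip.clt.bellsouth.net) /ssh",
    ":%PIX-3-313001: Denied ICMP type=11, code=0 from 166.90.128.161 (ge-4-0-218.ipcolo2.SanFrancisco1.Level3.net)  on interface 0",
]

# Labels that introduce a source or a destination address (assumed lists, taken from the thread's patterns).
SRC_LABELS = ("src outside:", "src_addr= ", "from ", "outside/")
DST_LABELS = ("dest_addr= ", "dst_addr= ", "dest_address= ", "to outside:", "to ", "inside:", "dmz/", "inside/")


def endpoint_pattern(labels):
    """One pattern per pass: label, IP, optional /port, optional (host), optional trailing /port."""
    return re.compile(
        r"(?P<label>" + "|".join(re.escape(l) for l in labels) + r")"
        r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
        r"(?:/(?P<port>\w+))?"                               # "1.1.1.1/25" form
        r"(?:\s+\((?P<host>[^()\s]*[A-Za-z][^()\s]*)\))?"    # "(hostname)"; must contain a letter
        r"(?:\s*/(?P<port2>\w+))?"                           # "(hostname) /55286" or "/ssh" form
    )


SRC_RE = endpoint_pattern(SRC_LABELS)
DST_RE = endpoint_pattern(DST_LABELS)
IFACE_RE = re.compile(r"\binterface\s+(\w+)")

# Interface numbers as in the mapping above: 0 outside, 1 inside, 2 onward DMZ.
INTERFACE_NAMES = {"0": "Outside", "1": "Inside", "inside": "Inside", "outside": "Outside", "dmz": "DMZ"}
INTERFACE_NAMES.update({str(n): "DMZ" if n == 2 else f"DMZ {n - 1}" for n in range(2, 10)})


def endpoint(pattern, msg):
    """Return {"ip", "port", "host"} for the first labelled address, or None."""
    m = pattern.search(msg)
    if m is None:
        return None
    try:
        ipaddress.ip_address(m.group("ip"))   # reject 999.1.1.1 and similar
    except ValueError:
        return None
    return {"ip": m.group("ip"), "port": m.group("port") or m.group("port2"), "host": m.group("host")}


def parse(msg):
    """Two passes: source first, then destination; fall back to a firewall interface as destination."""
    src = endpoint(SRC_RE, msg)
    dst = endpoint(DST_RE, msg)
    if dst is None:
        m = IFACE_RE.search(msg)
        if m and m.group(1) in INTERFACE_NAMES:
            dst = {"interface": "Firewall Interface " + INTERFACE_NAMES[m.group(1)]}
    return {"src": src, "dst": dst}


if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line))
```

Keeping the two label lists separate is what makes the split safe: "src outside:" appears only in the source list and "to outside:" only in the destination list, so neither pass can pick up the other side's address. Messages whose destination is the firewall itself ("on interface 0") come back with an interface name rather than an address, which the caller can treat differently from a host to shun.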

Hi Brian,

I've been away but I'll start taking a look ...... gulp

You should post a question in the Perl TA, either linking to this problem or restating it; there are a couple of excellent RegEx guys there.

Cheers

Dave
ASKER CERTIFIED SOLUTION
Dave

Brian,

Thanks for the grade.

Is this all working for you now?

Cheers

Dave