Solved

Perl Regex help needed

Posted on 2006-06-30
8
222 Views
Last Modified: 2012-08-13
#!/usr/local/bin/perl
      
      my @array = ('%ASA-7-715064 -- IKE Peer included IKE fragmentation
      capability flags',
         '%AUTH/85:LAN-to-LAN tunnel to headend device %s disconnected',
         '%AUTH/75:ACE_DeleteServerFromhash() - entry deletion fails',
         '%ASA-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt
      [tunnel_count]',
         '%ASA-3-713141: Client-reported firewall does not match configured
      firewall: action tunnel. Received ',
         '%camr_TOASTER-2-STALL: Toaster Stall detected',
         '%ASA-3-713142: Client did not report firewall in use, but there
      is a configured firewall: action tunnel. Expected'
      );
      
      my($error);
      foreach my $error (@array) {
         if ($errror =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*?)/) {
             print "1N: $1 E: $2\n";
         } elsif ($error =~ /(%.*?)\s--\s(.*)/) {
             print "2N: $1 E: $2\n";
         } elsif ($error =~ /(%.*?):\s?(.*)/) {
             print "3N: $1 E: $2\n";
         } elsif ($error =~ /(%.*?):?\s(.*)/) {
             print "4N: $1 E: $2\n";
         } elsif ($error =~ /(%.*?)\s(.*)/) {
             print "5N: $1 E: $2\n";
         }
      }
      
      Why is the output:
      2N: %ASA-7-715064 E: IKE Peer included IKE fragmentation capability flags
      3N: %AUTH/85 E: LAN-to-LAN tunnel to headend device %s disconnected
      3N: %AUTH/75 E: ACE_DeleteServerFromhash() - entry deletion fails
      3N: %ASA-5-713137 E: Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count]
      3N: %ASA-3-713141 E: Client-reported firewall does not match configured firewall: action tunnel. Received
      3N: %camr_TOASTER-2-STALL E: Toaster Stall detected
      3N: %ASA-3-713142 E: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected
      
      ASA-5-713137 (among others) should match on rule 1, but it's not???

      What am I missing?

What I'm trying to do:
1st rule is to catch everything matching %TEXT-DIGIT-TEXT:
Which is about 99% of the incoming data (this is the standard for syslog message formats)
Everything else, I just need to make sure that it separates the error from the description -- not all errors follow the proper syntax as you can see from the example array.
0
Comment
Question by:cdukes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 25

Expert Comment

by:clockwatcher
ID: 17022636
Am I missing something?  I'm tired but just glancing,

   '%ASA-5-713137: Reaper

doesn't match %TEXT-DIGIT-TEXT.  It matches %TEXT(-DIGIT){2}:

So, in your supplied regex it looks to me like it would match up to here:

    ^%[\w.-]+[\d.-]

but then fail at the next step:

  ^%[\w.-]+[\d.-][\w.-]):

I don't see what word character it's supposed to match after the last 7?

Maybe this is what you're after?

  /^(%[\w]+(?:-[\d]+){2}):\s*(.*)/
0
 
LVL 25

Expert Comment

by:clockwatcher
ID: 17022693
Told you I was tired.  Looking back at it:

/(^%[\w.-]+[\d.-][\w.-]):\s?(.*?)/

It appears that ought to match to me too.  And testing it, it matches for me.

  $_ ='%ASA-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt
        [tunnel_count]';
  print "$1\n$2\n" if /(^%[\w.-]+[\d.-][\w.-]):\s?(.*?)/;
 
outputs:

%ASA-5-713137

Which makes sense with the (.*?) you've got on the end there -- probably wanted (.*) to actually grab something or might wanted to have followed it up with something to make the non-greedy match zero or more anything actually pick something up.

0
 
LVL 25

Assisted Solution

by:clockwatcher
clockwatcher earned 350 total points
ID: 17022700
This:

   if ($errror =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*?)/) {

Needs to be:

   if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*?)/) {
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 17

Expert Comment

by:mjcoyne
ID: 17023987
BTW, either "use strict" or "use warnings" would have picked this up right away:

Name "main::errror" used only once: possible typo at <script name> line 18.

I always use both -- I know it saves me a lot of aggravation...
0
 

Author Comment

by:cdukes
ID: 17024674
Hmn,
This works:
if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*?)/) {

But only catches Part 1 of rule 1, $2 (E:) isn't printing out?

2N: %ASA-7-715064 E: IKE Peer included IKE fragmentation capability flags
3N: %AUTH/85 E: LAN-to-LAN tunnel to headend device %s disconnected
3N: %AUTH/75 E: ACE_DeleteServerFromhash() - entry deletion fails
1N: %ASA-5-713137 E:
1N: %ASA-3-713141 E:
3N: %camr_TOASTER-2-STALL E: Toaster Stall detected
1N: %ASA-3-713142 E:
0
 
LVL 25

Expert Comment

by:clockwatcher
ID: 17025015
(.*?) matches zero or more anything except newline non-greedy... if you don't follow it up with anything zero or more non-greedy is going to match zero.  It's pointless to end with it.  You'd need to follow it up with something to tell it where to stop if you wanted it actually grab something.


0
 
LVL 17

Accepted Solution

by:
mjcoyne earned 150 total points
ID: 17026254
Does it work if you change:

if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*?)/) {

to

if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*)/) {

or

if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*\n)?/) {


It's tough without seeing an example of what you're trying to capture here...
0
 

Author Comment

by:cdukes
ID: 17028790
if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\s?(.*)/) {

Worked, Thanks!!!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've just discovered very important differences between Windows an Unix formats in Perl,at least 5.xx.. MOST IMPORTANT: Use Unix file format while saving Your script. otherwise it will have ^M s or smth likely weird in the EOL, Then DO NOT use m…
I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question