cdukes
asked on
Perl Regex help needed
#!/usr/local/bin/perl
my @array = ('%ASA-7-715064 -- IKE Peer included IKE fragmentation
capability flags',
'%AUTH/85:LAN-to-LAN tunnel to headend device %s disconnected',
'%AUTH/75:ACE_DeleteServer Fromhash() - entry deletion fails',
'%ASA-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt
[tunnel_count]',
'%ASA-3-713141: Client-reported firewall does not match configured
firewall: action tunnel. Received ',
'%camr_TOASTER-2-STALL: Toaster Stall detected',
'%ASA-3-713142: Client did not report firewall in use, but there
is a configured firewall: action tunnel. Expected'
);
my($error);
foreach my $error (@array) {
if ($errror =~ /(^%[\w.-]+[\d.-][\w.-]):\ s?(.*?)/) {
print "1N: $1 E: $2\n";
} elsif ($error =~ /(%.*?)\s--\s(.*)/) {
print "2N: $1 E: $2\n";
} elsif ($error =~ /(%.*?):\s?(.*)/) {
print "3N: $1 E: $2\n";
} elsif ($error =~ /(%.*?):?\s(.*)/) {
print "4N: $1 E: $2\n";
} elsif ($error =~ /(%.*?)\s(.*)/) {
print "5N: $1 E: $2\n";
}
}
Why is the output:
2N: %ASA-7-715064 E: IKE Peer included IKE fragmentation capability flags
3N: %AUTH/85 E: LAN-to-LAN tunnel to headend device %s disconnected
3N: %AUTH/75 E: ACE_DeleteServerFromhash() - entry deletion fails
3N: %ASA-5-713137 E: Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count]
3N: %ASA-3-713141 E: Client-reported firewall does not match configured firewall: action tunnel. Received
3N: %camr_TOASTER-2-STALL E: Toaster Stall detected
3N: %ASA-3-713142 E: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected
ASA-5-713137 (among others) should match on rule 1, but it's not???
What am I missing?
What I'm trying to do:
1st rule is to catch everything matching %TEXT-DIGIT-TEXT:
Which is about 99% of the incoming data (this is the standard for syslog message formats)
Everything else, I just need to make sure that it separates the error from the description -- not all errors follow the proper syntax as you can see from the example array.
my @array = ('%ASA-7-715064 -- IKE Peer included IKE fragmentation
capability flags',
'%AUTH/85:LAN-to-LAN tunnel to headend device %s disconnected',
'%AUTH/75:ACE_DeleteServer
'%ASA-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt
[tunnel_count]',
'%ASA-3-713141: Client-reported firewall does not match configured
firewall: action tunnel. Received ',
'%camr_TOASTER-2-STALL: Toaster Stall detected',
'%ASA-3-713142: Client did not report firewall in use, but there
is a configured firewall: action tunnel. Expected'
);
my($error);
foreach my $error (@array) {
if ($errror =~ /(^%[\w.-]+[\d.-][\w.-]):\
print "1N: $1 E: $2\n";
} elsif ($error =~ /(%.*?)\s--\s(.*)/) {
print "2N: $1 E: $2\n";
} elsif ($error =~ /(%.*?):\s?(.*)/) {
print "3N: $1 E: $2\n";
} elsif ($error =~ /(%.*?):?\s(.*)/) {
print "4N: $1 E: $2\n";
} elsif ($error =~ /(%.*?)\s(.*)/) {
print "5N: $1 E: $2\n";
}
}
Why is the output:
2N: %ASA-7-715064 E: IKE Peer included IKE fragmentation capability flags
3N: %AUTH/85 E: LAN-to-LAN tunnel to headend device %s disconnected
3N: %AUTH/75 E: ACE_DeleteServerFromhash()
3N: %ASA-5-713137 E: Reaper overriding refCnt [ref_count] and tunnelCnt [tunnel_count]
3N: %ASA-3-713141 E: Client-reported firewall does not match configured firewall: action tunnel. Received
3N: %camr_TOASTER-2-STALL E: Toaster Stall detected
3N: %ASA-3-713142 E: Client did not report firewall in use, but there is a configured firewall: action tunnel. Expected
ASA-5-713137 (among others) should match on rule 1, but it's not???
What am I missing?
What I'm trying to do:
1st rule is to catch everything matching %TEXT-DIGIT-TEXT:
Which is about 99% of the incoming data (this is the standard for syslog message formats)
Everything else, I just need to make sure that it separates the error from the description -- not all errors follow the proper syntax as you can see from the example array.
Told you I was tired. Looking back at it:
/(^%[\w.-]+[\d.-][\w.-]):\ s?(.*?)/
It appears that ought to match to me too. And testing it, it matches for me.
$_ ='%ASA-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt
[tunnel_count]';
print "$1\n$2\n" if /(^%[\w.-]+[\d.-][\w.-]):\ s?(.*?)/;
outputs:
%ASA-5-713137
Which makes sense with the (.*?) you've got on the end there -- probably wanted (.*) to actually grab something or might wanted to have followed it up with something to make the non-greedy match zero or more anything actually pick something up.
/(^%[\w.-]+[\d.-][\w.-]):\
It appears that ought to match to me too. And testing it, it matches for me.
$_ ='%ASA-5-713137: Reaper overriding refCnt [ref_count] and tunnelCnt
[tunnel_count]';
print "$1\n$2\n" if /(^%[\w.-]+[\d.-][\w.-]):\
outputs:
%ASA-5-713137
Which makes sense with the (.*?) you've got on the end there -- probably wanted (.*) to actually grab something or might wanted to have followed it up with something to make the non-greedy match zero or more anything actually pick something up.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BTW, either "use strict" or "use warnings" would have picked this up right away:
Name "main::errror" used only once: possible typo at <script name> line 18.
I always use both -- I know it saves me a lot of aggravation...
Name "main::errror" used only once: possible typo at <script name> line 18.
I always use both -- I know it saves me a lot of aggravation...
ASKER
Hmn,
This works:
if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\ s?(.*?)/) {
But only catches Part 1 of rule 1, $2 (E:) isn't printing out?
2N: %ASA-7-715064 E: IKE Peer included IKE fragmentation capability flags
3N: %AUTH/85 E: LAN-to-LAN tunnel to headend device %s disconnected
3N: %AUTH/75 E: ACE_DeleteServerFromhash() - entry deletion fails
1N: %ASA-5-713137 E:
1N: %ASA-3-713141 E:
3N: %camr_TOASTER-2-STALL E: Toaster Stall detected
1N: %ASA-3-713142 E:
This works:
if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\
But only catches Part 1 of rule 1, $2 (E:) isn't printing out?
2N: %ASA-7-715064 E: IKE Peer included IKE fragmentation capability flags
3N: %AUTH/85 E: LAN-to-LAN tunnel to headend device %s disconnected
3N: %AUTH/75 E: ACE_DeleteServerFromhash()
1N: %ASA-5-713137 E:
1N: %ASA-3-713141 E:
3N: %camr_TOASTER-2-STALL E: Toaster Stall detected
1N: %ASA-3-713142 E:
(.*?) matches zero or more anything except newline non-greedy... if you don't follow it up with anything zero or more non-greedy is going to match zero. It's pointless to end with it. You'd need to follow it up with something to tell it where to stop if you wanted it actually grab something.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
if ($error =~ /(^%[\w.-]+[\d.-][\w.-]):\ s?(.*)/) {
Worked, Thanks!!!
Worked, Thanks!!!
'%ASA-5-713137: Reaper
doesn't match %TEXT-DIGIT-TEXT. It matches %TEXT(-DIGIT){2}:
So, in your supplied regex it looks to me like it would match up to here:
^%[\w.-]+[\d.-]
but then fail at the next step:
^%[\w.-]+[\d.-][\w.-]):
I don't see what word character it's supposed to match after the last 7?
Maybe this is what you're after?
/^(%[\w]+(?:-[\d]+){2}):\s