Regex For juniper ssg syslog

I want to get the  bold parts from the following sentences in the code :

as you should see there are 2 types of sentence :

1.
SSG520: NetScreen device_id=0156052006000296 [Root]system-critical-00440: Fragmented traffic! From 124.27.173.71:445 to 77.223.156.149:4044, proto TCP (zone V1-Untrust int v1-untrust). Occurred 1 times. (2011-12-22 03:45:06)

2.
SSG520: NetScreen device_id=0156052006000296 [Root]system-notification-00257(traffic): start_time="2011-12-22 03:44:05" duration=62 policy_id=2 service=udp/port:4041 proto=17 src zone=V1-Untrust dst zone=V1-Trust action=Permit sent=144 rcvd=348 src=46.237.101.9 dst=77.223.156.33 src_port=9137 dst_port=4041 src-xlated ip=46.237.101.9 port=9137 dst-xlated ip=77.223.156.33 port=4041 session_id=104346 reason=Close - AGE OUT


SSG520: NetScreen device_id=0156052006000296 [Root]system-notification-00257(traffic): start_time="2011-12-22 03:44:05" duration=62 policy_id=2 service=udp/port:4041 proto=17 src zone=V1-Untrust dst zone=V1-Trust action=Permit sent=144 rcvd=348 src=46.237.101.9 dst=77.223.156.33 src_port=9137 dst_port=4041 src-xlated ip=46.237.101.9 port=9137 dst-xlated ip=77.223.156.33 port=4041 session_id=104346 reason=Close - AGE OUT

SSG520: NetScreen device_id=0156052006000296 [Root]system-critical-00440: Fragmented traffic! From 124.27.173.71:445 to 77.223.156.149:4044, proto TCP (zone V1-Untrust int v1-untrust). Occurred 1 times. (2011-12-22 03:45:06)


SSG520: NetScreen device_id=0156052006000296 [Root]system-notification-00257(traffic): start_time="2011-12-22 03:44:06" duration=61 policy_id=2 service=udp/port:62402 proto=17 src zone=V1-Untrust dst zone=V1-Trust action=Permit sent=104 rcvd=114 src=82.244.189.171 dst=77.223.156.152 src_port=51413 dst_port=62402 src-xlated ip=82.244.189.171 port=51413 dst-xlated ip=77.223.156.152 port=62402 session_id=111814 reason=Close - AGE OUT	

SSG520: NetScreen device_id=0156052006000296 [Root]system-alert-00012: UDP flood! From 77.223.156.1:60155 to 77.223.158.227:514, proto UDP (zone V1-Untrust int v1-untrust). Occurred 2 times. (2011-12-22 03:45:06)

Open in new window

3XLcomAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

käµfm³d 👽Commented:
What language are you using to parse the log?
0
Terry WoodsIT GuruCommented:
.NET if it's the same as his previous question.
0
Terry WoodsIT GuruCommented:
(Will leave this one for you kaufmed, if you're around...)
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

3XLcomAuthor Commented:
.net sorry :D
0
3XLcomAuthor Commented:
do not need panic i have one last regex question for now :)

http://www.experts-exchange.com/Programming/Languages/Regular_Expressions/Q_27506626.html
0
Terry WoodsIT GuruCommented:
Seems kaufmed's not around... 1st pattern:
(system-critical[^:\n]*:.*?)From\s(.*?)\sto\s([^,\n]*),\sproto\s([^(\n]*).*Occurred\s([^.\n]*)[^\d\n]*(\d[^)\n]*)

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Terry WoodsIT GuruCommented:
2nd pattern:
(system-notification[^(\n]*)\(([^)\n]*)[^"\n]*"([^"\n]*).*?=(\d+).*?service=(.*?)\sproto=(\d+).*?action=(.*?)\ssent=(\d+).*rcvd=(\d+).*src=(.*?)\sdst=(.*?)\ssrc_port=(\d+)
0
käµfm³d 👽Commented:
Seems kaufmed's not around...
Busy day  = )
0
3XLcomAuthor Commented:
i am sorry for late response
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Regular Expressions

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.