Solved

Extracting a username from logs files using Regex

Posted on 2012-04-04
10
375 Views
Last Modified: 2012-06-27
Hi im trying to extract domain usernames from my juniper log files using regex however depending on the log message the fully qualified domain name isnt always displayed

See example below:

line 1:      juniper -ive -] domain/user1(realm) etc. etc.
Line2:      juniper -ive -] user2(realm) etc. etc.

i would like to extract just the username into a group so i'm trying to exclude the word "DOMAIN/" so far i have this:

\]\s(?!DOMAIN\/\b)([a-z_0-9]+)

however it only seems to capture user2

Thanks,
0
Comment
Question by:kchall
  • 5
  • 4
10 Comments
 
LVL 23

Expert Comment

by:wdosanjos
ID: 37806488
Please try:

(?<=]\s(\w+/)?)\w+(?=\(realm\))
0
 
LVL 73

Expert Comment

by:sdstuber
ID: 37806499
'\] (domain//)?([a-z_0-9]+)'

with a back reference of 2,  exact syntax for the back reference will depend on the language/library of the regexp
0
 
LVL 1

Author Comment

by:kchall
ID: 37806551
Wdosanjos that returned no matches,

I should add im using Rad software Expression Designer to test my regex's

Sdstuber im not sure what you mean, i'm using regex so i can pull out fields in my splunk log analyzer

Thanks,
0
 
LVL 23

Expert Comment

by:wdosanjos
ID: 37806581
Here is my test code (C#):
var rx = new Regex(@"(?<=]\s(\w+/)?)\w+(?=\(realm\))");
var tests = new string[]
{
"juniper -ive -] domain/user1(realm)",
"juniper -ive -] user2(realm)"
};

foreach (var test in tests)
{
    rx.Match(test).Value.Dump();
}

Open in new window

Output
user1
user2

Open in new window

0
 
LVL 1

Author Comment

by:kchall
ID: 37806743
screenshotHi Wdosanjos

when i run that it does in fact match user1 and user2 however i need to group the matches as well.

Also the word "realm" cannot be referenced as this can change as users logon to multiple realms
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 23

Expert Comment

by:wdosanjos
ID: 37806777
The expression to address multiple realms is:

(?<=]\s(\w+/)?)\w+(?=\(\w+\))

What do you mean by "group the matches"?  Please give an example.
0
 
LVL 1

Author Comment

by:kchall
ID: 37806849
Grouping Constructs using the ( and ) symbols
IE. if i wanted to just capture domain/user1 and user2 i would use \]\s([a-z0-9\/]+)
0
 
LVL 23

Assisted Solution

by:wdosanjos
wdosanjos earned 200 total points
ID: 37806946
Checking the ExplicitCapture option should resolve the grouping issue.
0
 
LVL 1

Accepted Solution

by:
kchall earned 0 total points
ID: 37810231
Sorry Wdosanjos i couldnt get your string to work. In the end i used the following

\]\s(?:DOMAIN\\*)?(.\w+)

Thanks anyways
0
 
LVL 1

Author Closing Comment

by:kchall
ID: 37826734
huh!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Please explain: Aspect Oriented Programming 2 85
Not needed 13 95
Regex code:separate email:ip from email:pass ? 6 47
This code tracks birthdays 3 61
Iteration: Iteration is repetition of a process. A student who goes to school repeats the process of going to school everyday until graduation. We go to grocery store at least once or twice a month to buy products. We repeat this process every mont…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now