asked on

Help with powershell and regex

I am once again looking through log files. I am trying to use regex this time. The lines I'm looking for in these log files (480 log files) is like this... and the part I want to capture is the username

.DP translation from any:1#.1#0.##.##/137(LOCAL\username) to outside:7#.1##.6#.2##/239

Here is the script I'm trying. Where am I messing up?

$logfile         = "D:\fwtmp\Matches.txt"
$count           = 0 
$Matches         = 0
$var             = 0

$logs = get-content $logfile

Foreach ($line in $logs)
{ 
$regex = $line -match '\b\w(LOCAL\\w(?<Name>[^)]+))\w'
$name = $Matches['Name']

$name | add-Content d:\fwtmp\fwlogs.txt -PassThru
}

Open in new window

Thank you for your help

~m

ASKER CERTIFIED SOLUTION

oBdA

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

mbarnesseo

ASKER

oBda,
That worked.

'\(LOCAL\\(?<Name>.+?)\)'

Open in new window

Now can you explain to me why? I can see the differences but can you walk me through it?

Thank you
Mike

oBdA

\b\w(LOCAL\\w(?<Name>[^)]+))\w
\b\w - a word boundary, followed by single word character; won't match "137"
( - the opening bracket is a reserved character; you didn't escape it.
\\w - unsure if you wanted to match a backslash followed by a word character, or a backslash followed by a "w"; if the former, then the backslash would need to be escaped as well.
(?<Name>[^)]+) - the named group is correct; your '[^)]+' would work above as well.
) - the closing bracket from the username, but not escaped.
\w - a word character; this class does not include space, but the bracket is followed by one.

mbarnesseo

ASKER

Ok... I need more practice it seems and most likely more examples.

Thank you for your help.
Mike

mbarnesseo

ASKER

Thank you oBdA. You helped me once again.