abkrim abkrim - 7 months ago 22
Perl Question

Regex for multiple types of logs

I need to extract IPs from logs and tried searching for some examples. For other log lines I found several examples, but I am unable to apply them to this case.

I'm a bad programmer, and worse with regex. I tried http://rubular.com but I do not get the expression.

Apr-28-16 04:16:33 [SSL-out] 111.111.111.111 warning: SMTP authentication failed;
Apr-28-16 04:28:35 222.222.222.222 warning: SMTP authentication failed;


I need to extract the IP when the condition is "SMTP authentication failed", with a Perl-based regular expression, in a bash script (CSF firewall).

Answer

If every line you want to capture has "SMTP authentication failed", this should do the trick. It captures the IP (in a rudimentary fashion) and puts it into $1 if there's an IP followed later by "SMTP authentication failed".

use warnings;
use strict;

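# Read the sample lines that follow __DATA__, one per iteration
while (<DATA>){
    # Capture a dotted quad only when "SMTP authentication failed" appears later on the same line
    if (/(\d+\.\d+\.\d+\.\d+)(?=.*?SMTP\s+authentication\s+failed)/){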
        print "$1\n";
    }
}

__DATA__
Apr-28-16 04:16:33 [SSL-out] 111.111.111.111 warning: SMTP authentication failed;
Apr-28-16 04:16:33 [SSL-out] 111.111.111.112 warning: SMTP authentication success;
Apr-28-16 04:16:33 [SSL-out] 111.111.111.113 warning: SMTP authentication failed;
Apr-28-16 04:28:35 222.222.222.222 warning: SMTP authentication failed;

Output:

111.111.111.111
111.111.111.113
222.222.222.222
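
An added example, not part of the original answer: since the extracted address feeds a firewall block, this stricter variant anchors the match to the line layout in the question (timestamp, optional bracketed tag, IP, then the warning text) and accepts only octets in the range 0-255. The function names `failed_auth_ip` and `count_failures` are hypothetical, the layout is assumed from the two sample lines in the question, and the sample lines are constructed.

```perl
use strict;
use warnings;

# One IPv4 octet, 0-255 only (a bare \d+ would also accept 999).
my $octet = qr/(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/;

# Layout assumed from the question: timestamp, optional tag, IP, warning text.
# Anchoring at line start keeps other dotted numbers on the line from matching.
my $failed = qr/
    ^ \w{3}-\d{2}-\d{2} \s+ \d{2}:\d{2}:\d{2} \s+   # timestamp
    (?: \[ [^\]]+ \] \s+ )?                          # optional tag in brackets
    ( $octet (?: \. $octet ){3} )                    # client IP, capture group 1
    \s+ warning: \s+ SMTP \s+ authentication \s+ failed \b
/x;

# Return the client IP of a failed-authentication line, or undef otherwise.
sub failed_auth_ip {
    my ($line) = @_;
    return $line =~ $failed ? $1 : undef;
}

# Count failed authentications per IP over a list of log lines.
sub count_failures {
    my %count;
    for my $line (@_) {
        my $ip = failed_auth_ip($line);
        $count{$ip}++ if defined $ip;
    }
    return \%count;
}

# Constructed sample lines: both formats, a success, and two malformed IPs.
my @sample = (
    'Apr-28-16 04:16:33 [SSL-out] 111.111.111.111 warning: SMTP authentication failed;',
    'Apr-28-16 04:16:40 [SSL-out] 111.111.111.111 warning: SMTP authentication failed;',
    'Apr-28-16 04:16:33 [SSL-out] 111.111.111.112 warning: SMTP authentication success;',
    'Apr-28-16 04:28:35 222.222.222.222 warning: SMTP authentication failed;',
    'Apr-28-16 04:30:01 999.1.1.1 warning: SMTP authentication failed;',
    'Apr-28-16 04:31:10 1.2.3.4.5 warning: SMTP authentication failed;',
);
my $c = count_failures(@sample);
printf "%-15s %d\n", $_, $c->{$_} for sort keys %$c;
```

The last two sample lines are skipped here, whereas the rudimentary pattern in the answer would report `999.1.1.1` and `1.2.3.4` for them.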