Regex Grab Only First Occurrence of IP from Syslog

Question

Regex Grab Only First Occurrence of IP from Syslog

1.6k views Asked by Joe At 13 September 2017 at 14:44

I need to put a RegEX into an OpenNMS config file. I am trying to grab just the first IP address from a syslog message. The format is:

Sep 13 08:36:37 192.168.75.254 %ASA-4-106023: Deny tcp src outside:144.5.5.255/
56607 dst inside:192.168.75.102/23 by access-group "outside_access_in" [0x0, 0x0]

So far I have:

\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}

Which will grab all three of the IP addresses. How do I limit it to one?

In the NMS config file I need to fill in these lines:

forwarding-regexp="regex here"
matching-group-host="2"
matching-group-message="3"

So I need a regex that will put just the first IP into a group, while creating a group for the entire Syslog message

Original Q&A

There are 1 answers

**Wiktor Stribiżew** · Accepted Answer · 2017-09-13 15:53:37

It seems you want

\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*([\s\S]*)

See the regex demo

Details

\b - a word boundary
(\d{1,3}(?:\.\d{1,3}){3}) - Group 1:
- \d{1,3} - 1 to 3 digits
- (?:\.\d{1,3}){3} - 3 occurrences of a dot and then 1 to 3 digits (\d{3})
\s* - 0+ whitespaces
([\s\S]*) - Group 2: any zero or more chars as many as possible (* is a greedy quantifier).

TechQA.

Regex Grab Only First Occurrence of IP from Syslog

There are 1 answers

Related Questions in REGEX

Related Questions in SYSLOG

Related Questions in OPENNMS

Popular Questions

Popular Tags

Trending Questions