Regular Expressions 101

Community Patterns

1...45678...598

Auth.log Parsing

0

Regular Expression
PCRE2 (PHP >=7.3)

/
^(?<month>\S{3})? {1,2}(?<day>\S+) (?<time>\S+) (?<hostname>\S+) (?<process>.+?(?=\[)|.+?(?=))[^a-zA-Z0-9](?<pid>\d{1,7}|)[^a-zA-Z0-9]{1,3}(?<info>.*)$
/
gm

Description

Parses the auth log on standard linux machines into useful groups.

Submitted by Jason King - a year ago (Last modified a year ago)