Regular Expressions 101

Community Patterns

Community Library Entry

1

Regular Expression
PCRE (PHP <7.3)

/
<AUDT:INFO>.(?<date>\d+.\d+.\d+) (?:\d+:\d+:\d+) (?:\d+.\d+.\d+.\d+) (?:.*(?<subject>Failed 'Active Directory' login attempt)(?:.\w+.\w+)(?<impacteduser>.*?'\W))\w+.\w+.\w+.\w+.'(?<sip>.\d+.\d+.\d+.\d+)'
/
gm

Description

PasswordState Failed User Logon Dev Area

Mapped: SIP DIP Account Subject

Submitted by mh - 4 years ago