Regular Expressions 101

Community Patterns

Readable fail2ban logs in AWS Cloudwatch

0

Regular Expression
PCRE2 (PHP >=7.3)

/
,"(?<date>\d\d\d\d-\d\d-\d\d)\ (?<time>\d\d:\d\d:\d\d).*\[(?<jail>sshd|recidive|mysqld-auth)\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)
/
gm

Description

Captures date, time, jail, action and ip address so they can be better formatted.

Submitted by dtwx - 2 years ago