Regular Expressions 101

Plugin Oracle Alienvault LOGINS default

Regular Expression
PCRE (PHP <7.3)

/
(?P<syslog_date>\S+\s+\d+\s+\d+:\d+:\d+)\s+0\s+(?P<log_date>\d+-\d+-\d+T\d+:\s\d+:\d+[^\s]+)\s+.*?(?:(?P<device>[^\s:]+)\s+)?(?P<application>ora_[^\s:]+_Audit)\s+-\s+-\s+Audit\[\d+\]:\s+(?:[^]]+]\s+)?(?:LENGTH:\s+\"(?P<length>\d+)\".*?)?SESSIONID:(?:\[\d+\])?\s+\"(?P<sessionid>\d+)\".*?ENTRYID:(?:\[\d+\])?\s+\"(?P<entryid>\d+)\".*?(?:STATEMENT:(?:\[\d+\])?\s+\"(?P<statement>.*?)\")?.*?USERID:(?:\[\d+\])?\s+\"(?P<userid>.*?)\".*?(?:USERHOST:(?:\[\d+\])\s+"(?:(?P<host_domain>[^\\"]+)\\+)?(?P<userhost>[^"]*)")?\s+(?:TERMINAL:(?:\[\d+\])\s+"(?P<terminal>[^"]*)"\s+)?ACTION:(?:\[\d+\])?\s+\"(?P<action>\d+)\".*?RETURNCODE:(?:\[\d+\])?\s+\"(?P<code>.*?)\".*?(?:COMMENT\$TEXT:(?:\[\d+\])?.*?\"Authenticated\s+by:\s+(?P<auth_by>\S+)(?:\;\s+Client\s+address:\s+\(ADDRESS\=\(PROTOCOL\=tcp\)\(HOST\=(?P<host>\d+\.\d+\.\d+\.\d+)\)\(PORT\=(?P<port>\d+)\)\).*?|"\s+)|OBJ\$CREATOR:(?:\[\d+\])?\s+\"(?P<objcreator>[^"]*)"\s+.*?OBJ\$NAME:(?:\[\d+\])?\s+\"(?P<objname>[^"]*)"\s+)OS\$USERID:(?:\[\d+\])?\s+\"(?P<osuserid>[^"]*)"\s*(?:(?!PRIV\$)\S+\s+)*(?:PRIV\$USED:(?:\[\d+\])?\s+"(?P<priv>[^"]*)")?
/
gm

Description

no description available

Submitted by anonymous - 4 years ago