use strict;
my $str = 'Jan 29 06:32:56 172.16.23.26 Jan 29 06:30:27 : CEF:0|ABCD Networks|NAC-VM-C|8.6.2.1203|-1|IP Address Update|1|rt=Jan 29 06:30:27 877 EST cat=EndStation src=10.10.14.58 smac=FA:39:71:6F:B3:43 shost=iPhone cs1Label=Physical<space>network<space>location cs1=AMNYPARU535A-FL37-VIP ROLE mobile msg=Adapter FA:39:71:6F:B3:43 IP Address changed from 10.10.14.53 to 10.10.14.58
Jan 28 21:22:51 172.16.23.26 Jan 28 21:20:24 : CEF:0|ABCD Networks|FortiNAC-VM-C|8.6.2.1203|-1|IP Address Update|1|rt=Jan 28 21:20:24 110 EST cat=EndStation src=10.3.38.61 smac=EA:19:49:37:10:73 shost=TsutomunoiPhone cs1Label=Physical<space>network<space>location cs1=APTOKARU535A-VIP ROLE mobile msg=Adapter EA:19:49:37:10:73 IP Address changed from 100.64.241.38 to 10.3.38.61
Jan 29 10:52:59 172.16.23.26 Jan 29 10:50:30 : CEF:0|ABCD Networks|NAC-VM-C|8.6.2.1203|303067011|Rogue Connected|1|rt=Jan 29 10:50:30 523 EST cat=EndStation smac=42:DE:D8:19:D2:69 cs1Label=Physical<space>network<space>location cs1=EUPARARU535A [10.2.32.198]-VIP ROLE registration msg=Rogue Host 42:DE:D8:19:D2:69 Connected to EUPARARU535A [10.2.32.198]-VIP ROLE registration.';
my $regex = qr/^(?:[^>\n]*>){2}\w+\s+\w+\d+\=(?P<cs_details>\w+[ -])/mp;
if ( $str =~ /$regex/g ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html