$re = '/ASM:unit_hostname=.*?policy_name="(?<policy>.*?)".*?violations="(?<threatid>.*?)".*?request_status="(?<tag2>(?<status>\w+))",response_code="(?<responsecode>\d+)".*?ip_client="(?<sip>.*?)".*?method="(?<command>\w+)",protocol="(?<protname>.*?)"(,query_string="(?<tag3>.*?)")?(.*?severity="(?<severity>.*?)")?(,attack_type="(?<tag1>(?<threatname>.*?))")?(.*?username="(n\/a|(?<login>.*?))")?(,session_id="(?<session>.*?)")?(,src_port="(?<sport>\d+)")?(,dest_port="(?<dport>\d+)")?(,dest_ip="(?<dip>.*?)")?(,sub_violations="(?<reason>.*?)")?(.*?sig_cved="(?<threatId>.*?)")?(.*?uri="(?<url>.*?)")?.*?request="(?<objectname>(.*?Host: (?<dname>.*?)\\\\r\\\\n)?(.*?User-Agent:(?<useragent>.*?)\\\\r\\\\n)?(.*?Referer:(?<object>.*?)\\\\r\\\\n)?(.*?Message%22:%22(?<subject>.*?)%22)?.*?)$/m';
$str = '05 19 2022 12:57:11 2.0.0.5 <LOC0:INFO> May 19 12:57:11 test2xxxx.com ASM:unit_hostname="test2xxxx.com",management_ip_address="10.1.1.1",management_ip_address_2="::",http_class_name="/Common/policy",web_application_name="/Common/policy",policy_name="/Common/policy",policy_apply_date="2022-05-18 10:34:52",violations="N/A",support_id="11111111111111111111111111",request_status="passed",response_code="200",ip_client="8.0.1.7",route_domain="922",method="POST",protocol="HTTPS",query_string="",x_forwarded_for_header_value="8.0.1.7",sig_ids="N/A",sig_names="N/A",date_time="2022-05-19 12:57:11",severity="Informational",attack_type="N/A",geo_location="SA",ip_address_intelligence="N/A",username="N/A",session_id="dddddddddddddddddddddd",src_port="23762",dest_port="443",dest_ip="2.2.2.2",sub_violations="N/A",virus_name="N/A",violation_rating="0",websocket_direction="N/A",websocket_message_type="N/A",device_id="N/A",staged_sig_ids="N/A",staged_sig_names="N/A",threat_campaign_names="N/A",staged_threat_campaign_names="N/A",blocking_exception_reason="N/A",captcha_result="not_received",microservice="N/A",tap_event_id="N/A",tap_vid="N/A",vs_name="/Common/RAI_web",sig_cves="N/A",staged_sig_cves="N/A",uri="/api/surveyssettings/update",fragment="",request="POST /api/surveyssettings/update HTTP/1.1\\r\\nHost: rai.xxxx.com\\r\\nConnection: keep-alive\\r\\nContent-Length: 601\\r\\nsec-ch-ua: %22 Not A;Brand%22;v=%2299%22, %22Chromium%22;v=%22101%22, %22Google Chrome%22;v=%22101%22\\r\\nAccept: application/json, text/plain, */*\\r\\nLang: ar\\r\\nsec-ch-ua-mobile: ?0\\r\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\\r\\nsec-ch-ua-platform: %22Windows%22\\r\\nContent-Type: application/json;charset=UTF-8\\r\\nOrigin: https://rai.xxxx.com\\r\\nSec-Fetch-Site: same-origin\\r\\nSec-Fetch-Mode: cors\\r\\nSec-Fetch-Dest: empty\\r\\nAccept-Encoding: gzip, deflate, br\\r\\nAccept-Language: en,ar;q=0.9,en-US;q=0.8\\r\\nCookie: .AspNetCore.Culture=c%3Dar-SA%7Cuic%3Dar-SA; BPBBBBBBB=d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5; dm2=!v87cvbt78ffdv76tv87ht87vtsdb879bt879ftb7s6dbt87asdtf786astd7b6as76dftba87fa76sdfbt876asdtbf76sndtb7asdf76t7d6ft76dtbf/OUM=; .AspNetCore.Cookies=f7h5765hs87df5h8s7d6f5hf587s6dfh876sdfh765dfh675sfdsdf7g5fg675fd76g-ftf54-562PlNFc546v54v6hYJrSOhPPIfbpzCvi8rhMZUv0ub8sf8nXwUv45634v5vkhrB-45656WRv54654HI-_54yhg5CFuQ05QmPP6trytrye0ch2trP-rtfoNvDeWNMqZmuslvCMRrghUrpl8C8xu-zeaserytOYtIJZw25v9u42i40S-456756ujMrtysrtyjb-dtru56h_g6; BP404e1a15=408a4314117c2e61ghjgfhgfhfh88709870987hg9086dfgh986fg986fg98hj6dfg098h6fg9h854de21ea0a3790034b8919b02daa1bf81cf038f3d282781711\\r\\nX-Forwarded-For: 86.60.117.57\\r\\n\\r\\n{%22endDate%22:null,%22showProgressBar%22:null,%22collectEmail%22:null,%22isAnonymous%22:false,%22attachmentsId%22:null,%22surveyKey%22:%22CfDJ8OQ9_rktECJNqRvUhdqKqxP9-wJQSCczhFTirF_heCwZVV3YnmhnUIxvjigVY7duV6iL6v8rVeEfeeUNZsJR7Eo65eH62wPhGV5EFjLH456hfjHtTuuEJkfoCa_OJ0UQ%22,%22attachmentsTitle%22:null,%22confirmMessage%22:%22Thanks for your feedback%22,%22themeColor%22:null,%22backgroundColor%22:null,%22acceptNotification%22:true,%22objectKey%22:%2206950336-j560-dfjh65-8f92-hgfdrtuyrtu6d3%22,%22entityCode%22:%tuhtyu9_rktECJNqRvUhdqKqxO4456756jhfjfdD5fVruvMfOLS_Xq9vElFp9veszDJj-9O2FE-O5XfnV7vTd7gKrn1nwfgjhj657rJhg%22}",response="Response logging disabled"';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
// Print the entire match result
var_dump($matches);
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php