// Include the latest version of the regex crate in your Cargo.toml; the `(?<name>...)` named-group syntax used below needs regex 1.9 or newer.
extern crate regex;
use regex::Regex;
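/// Runs a field-extraction pattern for F5 ASM (WAF) log lines against one sample
/// line and debug-prints every set of captures it produces.
///
/// # Panics
///
/// Panics if the hard-coded pattern fails to compile.
fn main() {
    // `(?m)` makes `$` match at every line end, and `.` does not match `\n`, so each
    // match is confined to one physical line. The `\\r\\n` sequences match the literal
    // backslash-r backslash-n text as it appears in the log, not real CR/LF bytes.
    //
    // The regex crate does not backtrack, so the many lazy `.*?` runs are not a
    // catastrophic-backtracking risk. What needs care is field boundaries: values such
    // as query_string, uri and request carry client-controlled text, and the pattern
    // locates fields by `key="` substrings rather than by parsing key/value pairs.
    // NOTE(review): confirm how the device escapes `"` inside values before trusting
    // the severity/username/dest_ip captures for alerting.
    //
    // NOTE(review): the pattern looks for `sig_cved="` while the sample line carries
    // `sig_cves="`, so the `threatId` group cannot participate here; confirm the key.
    // NOTE(review): `n\/a` is lowercase and the pattern is case-sensitive, so the
    // sample's `username="N/A"` is captured as `login`; confirm that is intended.
    let asm_pattern = Regex::new(r#"(?m)ASM:unit_hostname=.*?policy_name="(?<policy>.*?)".*?violations="(?<threatid>.*?)".*?request_status="(?<tag2>(?<status>\w+))",response_code="(?<responsecode>\d+)".*?ip_client="(?<sip>.*?)".*?method="(?<command>\w+)",protocol="(?<protname>.*?)"(,query_string="(?<tag3>.*?)")?(.*?severity="(?<severity>.*?)")?(,attack_type="(?<tag1>(?<threatname>.*?))")?(.*?username="(n\/a|(?<login>.*?))")?(,session_id="(?<session>.*?)")?(,src_port="(?<sport>\d+)")?(,dest_port="(?<dport>\d+)")?(,dest_ip="(?<dip>.*?)")?(,sub_violations="(?<reason>.*?)")?(.*?sig_cved="(?<threatId>.*?)")?(.*?uri="(?<url>.*?)")?.*?request="(?<objectname>(.*?Host: (?<dname>.*?)\\r\\n)?(.*?User-Agent:(?<useragent>.*?)\\r\\n)?(.*?Referer:(?<object>.*?)\\r\\n)?(.*?Message%22:%22(?<subject>.*?)%22)?.*?)$"#)
        .expect("hard-coded ASM pattern must compile");

    // NOTE(review): this literal contains a raw line break after `Sec-Fetch-Mode: `.
    // Because of `(?m)` and `$`, the `objectname` capture stops there and `subject`
    // (which only occurs after the break) is not captured. If the break is a paste
    // artifact, join the two lines.
    let sample_line = "05 19 2022 12:57:11 2.0.0.5 <LOC0:INFO> May 19 12:57:11 test2xxxx.com ASM:unit_hostname=\"test2xxxx.com\",management_ip_address=\"10.1.1.1\",management_ip_address_2=\"::\",http_class_name=\"/Common/policy\",web_application_name=\"/Common/policy\",policy_name=\"/Common/policy\",policy_apply_date=\"2022-05-18 10:34:52\",violations=\"N/A\",support_id=\"11111111111111111111111111\",request_status=\"passed\",response_code=\"200\",ip_client=\"8.0.1.7\",route_domain=\"922\",method=\"POST\",protocol=\"HTTPS\",query_string=\"\",x_forwarded_for_header_value=\"8.0.1.7\",sig_ids=\"N/A\",sig_names=\"N/A\",date_time=\"2022-05-19 12:57:11\",severity=\"Informational\",attack_type=\"N/A\",geo_location=\"SA\",ip_address_intelligence=\"N/A\",username=\"N/A\",session_id=\"dddddddddddddddddddddd\",src_port=\"23762\",dest_port=\"443\",dest_ip=\"2.2.2.2\",sub_violations=\"N/A\",virus_name=\"N/A\",violation_rating=\"0\",websocket_direction=\"N/A\",websocket_message_type=\"N/A\",device_id=\"N/A\",staged_sig_ids=\"N/A\",staged_sig_names=\"N/A\",threat_campaign_names=\"N/A\",staged_threat_campaign_names=\"N/A\",blocking_exception_reason=\"N/A\",captcha_result=\"not_received\",microservice=\"N/A\",tap_event_id=\"N/A\",tap_vid=\"N/A\",vs_name=\"/Common/RAI_web\",sig_cves=\"N/A\",staged_sig_cves=\"N/A\",uri=\"/api/surveyssettings/update\",fragment=\"\",request=\"POST /api/surveyssettings/update HTTP/1.1\\r\\nHost: rai.xxxx.com\\r\\nConnection: keep-alive\\r\\nContent-Length: 601\\r\\nsec-ch-ua: %22 Not A;Brand%22;v=%2299%22, %22Chromium%22;v=%22101%22, %22Google Chrome%22;v=%22101%22\\r\\nAccept: application/json, text/plain, */*\\r\\nLang: ar\\r\\nsec-ch-ua-mobile: ?0\\r\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\\r\\nsec-ch-ua-platform: %22Windows%22\\r\\nContent-Type: application/json;charset=UTF-8\\r\\nOrigin: https://rai.xxxx.com\\r\\nSec-Fetch-Site: same-origin\\r\\nSec-Fetch-Mode: 
cors\\r\\nSec-Fetch-Dest: empty\\r\\nAccept-Encoding: gzip, deflate, br\\r\\nAccept-Language: en,ar;q=0.9,en-US;q=0.8\\r\\nCookie: .AspNetCore.Culture=c%3Dar-SA%7Cuic%3Dar-SA; BPBBBBBBB=d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5; dm2=!v87cvbt78ffdv76tv87ht87vtsdb879bt879ftb7s6dbt87asdtf786astd7b6as76dftba87fa76sdfbt876asdtbf76sndtb7asdf76t7d6ft76dtbf/OUM=; .AspNetCore.Cookies=f7h5765hs87df5h8s7d6f5hf587s6dfh876sdfh765dfh675sfdsdf7g5fg675fd76g-ftf54-562PlNFc546v54v6hYJrSOhPPIfbpzCvi8rhMZUv0ub8sf8nXwUv45634v5vkhrB-45656WRv54654HI-_54yhg5CFuQ05QmPP6trytrye0ch2trP-rtfoNvDeWNMqZmuslvCMRrghUrpl8C8xu-zeaserytOYtIJZw25v9u42i40S-456756ujMrtysrtyjb-dtru56h_g6; BP404e1a15=408a4314117c2e61ghjgfhgfhfh88709870987hg9086dfgh986fg986fg98hj6dfg098h6fg9h854de21ea0a3790034b8919b02daa1bf81cf038f3d282781711\\r\\nX-Forwarded-For: 86.60.117.57\\r\\n\\r\\n{%22endDate%22:null,%22showProgressBar%22:null,%22collectEmail%22:null,%22isAnonymous%22:false,%22attachmentsId%22:null,%22surveyKey%22:%22CfDJ8OQ9_rktECJNqRvUhdqKqxP9-wJQSCczhFTirF_heCwZVV3YnmhnUIxvjigVY7duV6iL6v8rVeEfeeUNZsJR7Eo65eH62wPhGV5EFjLH456hfjHtTuuEJkfoCa_OJ0UQ%22,%22attachmentsTitle%22:null,%22confirmMessage%22:%22Thanks for your feedback%22,%22themeColor%22:null,%22backgroundColor%22:null,%22acceptNotification%22:true,%22objectKey%22:%2206950336-j560-dfjh65-8f92-hgfdrtuyrtu6d3%22,%22entityCode%22:%tuhtyu9_rktECJNqRvUhdqKqxO4456756jhfjfdD5fVruvMfOLS_Xq9vElFp9veszDJj-9O2FE-O5XfnV7vTd7gKrn1nwfgjhj657rJhg%22}\",response=\"Response logging disabled\"";

    // `captures_iter` yields one `regex::Captures` per non-overlapping match; each
    // holds the overall match plus every numbered and named group (groups that did
    // not participate are `None`).
    //
    // The Debug output echoes the whole matched text, which here includes the logged
    // Cookie header and session_id. Redact those fields before forwarding this
    // output anywhere shared.
    for caps in asm_pattern.captures_iter(sample_line) {
        println!("{:?}", caps);
    }
}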
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Rust, please visit: https://docs.rs/regex/latest/regex/