using System;
using System.Text.RegularExpressions;
public class Example
{
public static void Main()
{
string pattern = @"^.*?vd=""(?<group>[^""]+).*?logid=""(?<vmid>0201009233).*?service=""(?<protname>[^""]+).*?srcip=(?<sip>[0-9.]+)\sdstip=(?<dip>[0-9.]+)\ssrcport=(?<sport>\d+)\sdstport=(?<dport>\d+)\ssrcintf=""(?<sinterface>[^""]+)"".*?dstintf=""(?<dinterface>[^""]+).*?filename=""(?<object>[^""]+)""\surl=""(?<url>[^""]+)""\sprofile=""(?<subject>[^""]+)""";
string input = @"11 25 2018 14:15:38 10.196.30.10 <LOC7:INFO> logver=56 timestamp=1543144537 tz=""UTC+3"" devname=""SBA-EXTFW-HA_FG380D"" devid=""FG380D3917800025"" vd=""SBAEXT-ENT"" date=2018-11-25 time=14:15:37 logid=""0201009233"" type=""utm"" subtype=""virus"" eventtype=""analytics"" level=""information"" eventtime=1543144537 msg=""File submitted to Sandbox."" action=""analytics"" service=""HTTP"" sessionid=3140767419 srcip=10.192.32.74 dstip=18.130.185.128 srcport=42110 dstport=80 srcintf=""DMZ-1150-int"" srcintfrole=""dmz"" dstintf=""Outside-1050"" dstintfrole=""wan"" policyid=7253 proto=6 direction=""incoming"" filename=""jquery.js,qver=1.12.4.pagespeed.jm.pPCPAKkkss.js"" url=""http://www.citygroupco.com/wp-includes/js/jquery/jquery.js,qver=1.12.4.pagespeed.jm.pPCPAKkkss.js"" profile=""AV_Block"" agent=""Chrome/70.0.3538.102"" analyticscksum=""cdfe845b25091a21147fe4a683515b000208ae4f67810f243d7bf96bc3484115"" analyticssubmit=""true""
11 25 2018 14:15:38 10.196.30.10 <LOC7:INFO> logver=56 timestamp=1543144537 tz=""UTC+3"" devname=""SBA-EXTFW-HA_FG380D"" devid=""FG380D3917800025"" vd=""SBAEXT-ENT"" date=2018-11-25 time=14:15:37 logid=""0201009233"" type=""utm"" subtype=""virus"" eventtype=""analytics"" level=""information"" eventtime=1543144537 msg=""File submitted to Sandbox."" action=""analytics"" service=""HTTP"" sessionid=3140262543 srcip=10.192.32.71 dstip=45.249.214.3 srcport=18875 dstport=80 srcintf=""DMZ-1150-int"" srcintfrole=""dmz"" dstintf=""Outside-1050"" dstintfrole=""wan"" policyid=7253 proto=6 direction=""incoming"" filename=""secars.dll"" url=""http://antivirus-update.huawei.com/secars/secars.dll?h=663C7E3A477A8DA9AB38886A4119CA8932856F05821B1E2C73EECD0E039E2A25BD45457B13FEAAFBAA4E3769B3097826FF6B87B6AF1503C54C86090FE92E03BA2E0A110B96AD10AFCA9E7918132B441587FDB97002CA3E6EC2E1AB6611E4347B8D9DF57961E9866C47098FD3C9EF66817CBB6867F30255269EC68D2EE6C53DC062A68E94C0581D1C0AEB0D55F536993C4D7FD76665FAA7B3562ADF5AFBF087731E9CCC3CF81F52D13BB98E82B5F862D47B4CC1055C8309361635540E7300F868DA84B03D4BAF1984AA7CF500A961021C54CA4BB497B241E5322A7E217A72F92B33261F49"" profile=""AV_Block"" analyticscksum=""ad53d3f73f343d584837984155c5dbac409202f6b2241c5b0f10ed454f563ead"" analyticssubmit=""true""
11 25 2018 14:15:37 10.196.30.10 <LOC7:INFO> logver=56 timestamp=1543144536 tz=""UTC+3"" devname=""SBA-EXTFW-HA_FG380D"" devid=""FG380D3917800025"" vd=""SBAEXT-ENT"" date=2018-11-25 time=14:15:36 logid=""0201009233"" type=""utm"" subtype=""virus"" eventtype=""analytics"" level=""information"" eventtime=1543144536 msg=""File submitted to Sandbox."" action=""analytics"" service=""HTTP"" sessionid=3140675095 srcip=10.192.32.71 dstip=108.167.172.191 srcport=4543 dstport=80 srcintf=""DMZ-1150-int"" srcintfrole=""dmz"" dstintf=""Outside-1050"" dstintfrole=""wan"" policyid=7253 proto=6 direction=""incoming"" filename=""video_bg.jpg"" url=""http://www.borcaller.com/public/all/rtl/images/video_bg.jpg"" profile=""AV_Block"" agent=""Chrome/70.0.3538.102"" analyticscksum=""47a1bf1a36075b4b78ef0488166a617524a6465e8ab02006593e06aa03d7f263"" analyticssubmit=""true""";
RegexOptions options = RegexOptions.Multiline;
foreach (Match m in Regex.Matches(input, pattern, options))
{
Console.WriteLine("'{0}' found at index {1}.", m.Value, m.Index);
}
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for C#, please visit: https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex(v=vs.110).aspx