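// Splits a traditional syslog / auth.log record of the form
//   "Mon D HH:MM:SS host tag[pid]: message"
// into the named groups month, day, time, hostname, process, pid and info.
// The pid group is empty for tags written without one ("sudo:", "auth:").
//
// The tag is matched with a class that stops at the first whitespace, '[' or ':'.
// A lazy ".+?" that looks ahead for '[' would, on a record without a pid, run on
// into the message and take a later "[digits]" there as the pid. The message can
// hold values sent by the remote client (for example ruser=), so the tag/pid
// boundary must not depend on it.
// The two separator classes exclude CR/LF so one match never spans two records
// (a negated class otherwise matches the newline after an empty message).
$re = '/^(?<month>\S{3})? {1,2}(?<day>\S+) (?<time>\S+) (?<hostname>\S+) (?<process>[^\s\[:]+)[^a-zA-Z0-9\r\n](?<pid>\d{1,7}|)[^a-zA-Z0-9\r\n]{1,3}(?<info>.*)$/m';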
// Sample input: traditional-format auth.log records from three hosts
// (init-adl-001, mail, fw), one record per line, ending with a trailing newline.
// The records are not in chronological order and carry no year or time zone,
// so a timeline built from them needs that context from elsewhere.
// Everything after the "tag[pid]:" prefix is free-form message text. Some of it
// (e.g. ruser= in the pam_unix lines, presumably the user names in sshd lines)
// is supplied by the connecting client, so treat captured values as untrusted
// when storing or displaying them.
$str = 'Oct 2 02:21:02 init-adl-001 systemd-logind[613]: New session 516 of user initadm.
Oct 2 02:21:02 init-adl-001 systemd: pam_unix(systemd-user:session): session opened for user initadm(uid=1000) by (uid=0)
Oct 2 02:25:40 init-adl-001 sudo: initadm : TTY=pts/0 ; PWD=/data/caddy ; USER=root ; COMMAND=/usr/bin/docker compose down
Oct 2 02:25:40 init-adl-001 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by initadm(uid=1000)
Oct 2 02:25:42 init-adl-001 sudo: pam_unix(sudo:session): session closed for user root
Oct 2 02:38:04 init-adl-001 sshd[674609]: Received disconnect from 61.245.144.92 port 31442:11: disconnected by user
Oct 2 02:38:04 init-adl-001 sshd[674483]: pam_unix(sshd:session): session closed for user initadm
Oct 2 02:38:04 init-adl-001 systemd-logind[613]: Session 516 logged out. Waiting for processes to exit.
Oct 2 02:38:04 init-adl-001 systemd-logind[613]: Removed session 516.
Sep 25 23:17:01 mail CRON[166728]: pam_unix(cron:session): session closed for user root
Sep 25 23:32:02 mail auth: pam_unix(dovecot:auth): check pass; user unknown
Sep 25 23:32:02 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=support rhost=178.176.175.68
Sep 28 16:08:48 mail sshd[195853]: Connection from 61.245.144.92 port 50922 on 112.213.36.242 port 3940 rdomain ""
Sep 28 16:08:48 mail sshd[195853]: Postponed publickey for xaraxadm from 61.245.144.92 port 50922 ssh2 [preauth]
Sep 28 16:08:49 mail sshd[195853]: Accepted publickey for xaraxadm from 61.245.144.92 port 50922 ssh2: ED25519 SHA256:QZGnAVXHbGqSb+eA2RDBPUL9HZWhK201x/5jbVQKcxA
Sep 28 16:08:49 mail sshd[195853]: pam_unix(sshd:session): session opened for user xaraxadm by (uid=0)
Sep 28 16:08:49 mail systemd-logind[574]: New session 2112 of user xaraxadm.
Sep 28 16:08:49 mail systemd: pam_unix(systemd-user:session): session opened for user xaraxadm by (uid=0)
Sep 28 16:08:49 mail sshd[195853]: User child is on pid 195877
Sep 28 16:08:49 mail sshd[195877]: Starting session: shell on pts/0 for xaraxadm from 61.245.144.92 port 50922 id 0
Sep 26 10:17:01 mail CRON[172205]: pam_unix(cron:session): session closed for user root
Sep 26 10:40:45 mail auth: pam_unix(dovecot:auth): check pass; user unknown
Sep 26 10:40:45 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=karlb rhost=185.30.177.49
Sep 26 11:17:01 mail CRON[172677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 00:00:01 mail CRON[167057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 00:00:01 mail CRON[167058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 00:00:01 mail CRON[167058]: pam_unix(cron:session): session closed for user root
Oct 5 02:41:01 init-adl-001 CRON[1059278]: pam_unix(cron:session): session closed for user smmsp
Oct 5 02:44:22 init-adl-001 sshd[1059328]: error: kex_exchange_identification: banner line contains invalid characters
Oct 5 02:44:22 init-adl-001 sshd[1059328]: banner exchange: Connection from 176.113.115.86 port 63918: invalid format
Oct 5 03:00:01 init-adl-001 CRON[1069071]: pam_unix(cron:session): session opened for user smmsp(uid=114) by (uid=0)
Oct 5 03:45:25 init-adl-001 systemd-logind[613]: Session 816 logged out. Waiting for processes to exit.
Oct 5 03:45:25 init-adl-001 systemd-logind[613]: Removed session 816.
Oct 5 05:31:32 init-adl-001 sshd[1079931]: Accepted publickey for initadm from 61.245.144.92 port 5550 ssh2: ED25519 SHA256:QZGnAVXHbGqSb+eA2RDBPUL9HZWhK201x/5jbVQKcxA
Oct 21 04:47:44 fw sshd[31558]: Disconnecting: Too many authentication failures for root [preauth]
Oct 21 04:47:44 fw sshd[31558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.2.0.125 user=root
Oct 21 04:47:44 fw sshd[31558]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 21 04:47:46 fw sshd[31562]: Failed password for root from 218.2.0.125 port 12277 ssh2
Oct 21 04:47:46 fw sshd[31581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.2.0.125 user=root
Oct 21 04:47:48 fw sshd[31560]: message repeated 5 times: [ Failed password for root from 218.2.0.125 port 9188 ssh2]
Oct 21 04:47:48 fw sshd[31560]: Disconnecting: Too many authentication failures for root [preauth]
Oct 21 04:47:48 fw sshd[31560]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.2.0.125 user=root
Oct 21 04:47:48 fw sshd[31560]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 21 04:47:48 fw sshd[31581]: Failed password for root from 218.2.0.125 port 13148 ssh2
Oct 21 04:47:52 fw sshd[31595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.2.0.125 user=root
Oct 21 04:47:55 fw sshd[31595]: Failed password for root from 218.2.0.125 port 14409 ssh2
Oct 21 04:47:55 fw CRON[31494]: pam_unix(cron:session): session closed for user clamav
Oct 21 04:47:59 fw sshd[31562]: message repeated 5 times: [ Failed password for root from 218.2.0.125 port 12277 ssh2]
Oct 21 04:47:59 fw sshd[31562]: Disconnecting: Too many authentication failures for root [preauth]
Oct 21 04:47:59 fw sshd[31562]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.2.0.125 user=root
Oct 21 04:47:59 fw sshd[31562]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 21 04:47:59 fw sshd[31581]: message repeated 5 times: [ Failed password for root from 218.2.0.125 port 13148 ssh2]
Oct 21 04:47:59 fw sshd[31581]: Disconnecting: Too many authentication failures for root [preauth]
Oct 21 04:47:59 fw sshd[31581]: fatal: Write failed: Connection reset by peer [preauth]
Oct 21 04:47:59 fw sshd[31581]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.2.0.125 user=root
Oct 21 04:47:59 fw sshd[31581]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 21 04:48:00 fw sshd[31595]: message repeated 2 times: [ Failed password for root from 218.2.0.125 port 14409 ssh2]
Oct 5 05:31:32 init-adl-001 sshd[1079931]: pam_unix(sshd:session): session opened for user initadm(uid=1000) by (uid=0)
Oct 5 05:31:32 init-adl-001 systemd-logind[613]: New session 835 of user initadm.
Oct 5 05:31:32 init-adl-001 systemd: pam_unix(systemd-user:session): session opened for user initadm(uid=1000) by (uid=0)
Oct 5 05:31:38 init-adl-001 sshd[1080056]: Received disconnect from 61.245.144.92 port 5550:11: disconnected by user
Oct 5 05:31:38 init-adl-001 sshd[1079931]: pam_unix(sshd:session): session closed for user initadm
Oct 5 05:31:38 init-adl-001 systemd-logind[613]: Session 835 logged out. Waiting for processes to exit.
Oct 5 05:31:38 init-adl-001 systemd-logind[613]: Removed session 835.
Oct 5 05:31:44 init-adl-001 sshd[1080068]: Connection closed by authenticating user root 61.245.144.92 port 5552 [preauth]
Oct 5 05:31:45 init-adl-001 sshd[1080070]: Connection closed by authenticating user root 61.245.144.92 port 5554 [preauth]
Oct 5 05:31:46 init-adl-001 sshd[1080072]: Connection closed by authenticating user root 61.245.144.92 port 5556 [preauth]
Oct 5 05:31:57 init-adl-001 sshd[1080077]: Accepted publickey for initadm from 61.245.144.92 port 5458 ssh2: ED25519 SHA256:QZGnAVXHbGqSb+eA2RDBPUL9HZWhK201x/5jbVQKcxA
Oct 3 08:17:01 init-adl-001 CRON[835419]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Oct 3 08:17:01 init-adl-001 CRON[835419]: pam_unix(cron:session): session closed for user root
Oct 3 08:20:01 init-adl-001 CRON[835438]: pam_unix(cron:session): session opened for user smmsp(uid=114) by (uid=0)
Oct 5 01:32:02 init-adl-001 sshd[1058589]: Accepted publickey for initadm from 61.245.144.92 port 5546 ssh2: ED25519 SHA256:QZGnAVXHbGqSb+eA2RDBPUL9HZWhK201x/5jbVQKcxA
Oct 5 01:32:02 init-adl-001 sshd[1058589]: pam_unix(sshd:session): session opened for user initadm(uid=1000) by (uid=0)
Oct 5 01:32:02 init-adl-001 systemd-logind[613]: New session 816 of user initadm.
Oct 5 01:32:02 init-adl-001 systemd: pam_unix(systemd-user:session): session opened for user initadm(uid=1000) by (uid=0)
';
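// Apply the pattern to the whole sample. PREG_SET_ORDER groups the result per
// match, so each $matches[i] holds the named fields of one record.
// Records that do not fit the pattern produce no entry at all; a match count
// lower than the number of input lines means records were skipped.
$found = preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
if ($found === false) {
    // false is a PCRE failure (such as an exhausted backtrack limit), not
    // "no matches"; unchecked, a failed run looks the same as an empty log.
    throw new \RuntimeException('preg_match_all failed, PCRE error code ' . preg_last_error());
}
// Print the entire match result. var_dump emits the captured log text as-is,
// so escape it for the output context if it is shown anywhere but a console.
var_dump($matches);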