use strict;
my $str = '16 input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:01:f2, proto UDP, 46.72.18.53:36111->134.249.140.20:1, len 132
16 input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:01:f2, proto TCP (SYN), 201.1.133.187:19808->134.249.140.20:37215, len 44
14 forward: in:6to4-tunnel1 out:6to4-tunnel1, proto ICMP (type 128, code 0), 2001:4ca0:108:42::1:9->2a01:d0:ffff:4e:72a2:d17a:9c55:ee86, len 16
14 forward: in:6to4-tunnel1 out:6to4-tunnel1, proto ICMP (type 128, code 0), 2001:4ca0:108:42::1:9->2a01:d0:ffff:4e:72a2:d17a:9c55:ee86, len 16
14 forward: in:6to4-tunnel1 out:6to4-tunnel1, proto TCP (SYN), [2001:4ca0:108:42:0:80:6:9]:35646->[2a01:d0:ffff:4e:72a2:d17a:9c55:ee86]:80, len 40';
my $regex = qr`^(?P<RuleNumber>[\d]+)\s+(?P<Chain>[^\s]+):\s+in:(?P<InputInterface>[^,]+)\s+out:(?P<OutputInterface>[^,]+),\s+(?:src-mac\s+(?P<SourceMacAddress>[^,]+),\s+)?proto\s+(?P<Protocol>\w+)(?:\s+\((?P<Flags>[^)]+)\))?,\s+\[?(?P<SourceAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<SourcePort>\d+))?->\[?(?P<DestinationAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<DestinationPort>\d+))?,\s+len\s+(?P<Length>\d+)$`mp;
if ( $str =~ /$regex/g ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html