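# Parse packet-filter log records (one per line, in the shape of the samples in
# `str`) into named fields and print the captured fields of each matching line.
#
# Notes on the pattern:
# * Ruby spells named groups (?<Name>...); the Python-style (?P<Name>...) form
#   is rejected by Ruby's regex engine, so the pattern could not be compiled.
# * The /m flag was dropped: in Ruby it only makes "." match newlines, and the
#   pattern contains no unescaped ".".
# * Records are matched one line at a time with \A and \z. The pattern uses
#   \s+ and [^,]+, both of which accept newlines, so matching against the whole
#   buffer would allow one match to span two records.
# * The address groups are loose on purpose: the IPv4 branch admits octets
#   above 255, the second branch is lower-case hex and colons only, and for an
#   unbracketed IPv6 address a trailing ":port" is absorbed into the address.
#   Captured values originate from packet headers, so validate them (e.g. with
#   IPAddr) before using them in rules, queries or commands.
re = /
  \A
  (?<RuleNumber>\d+)\s+
  (?<Chain>\S+):\s+
  in:(?<InputInterface>[^,]+)\s+
  out:(?<OutputInterface>[^,]+),\s+
  (?:src-mac\s+(?<SourceMacAddress>[^,]+),\s+)?
  proto\s+(?<Protocol>\w+)
  (?:\s+\((?<Flags>[^)]+)\))?,\s+
  \[?(?<SourceAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?
  (?::(?<SourcePort>\d+))?
  ->
  \[?(?<DestinationAddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?
  (?::(?<DestinationPort>\d+))?,\s+
  len\s+(?<Length>\d+)
  \z
/x
str = '16 input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:01:f2, proto UDP, 46.72.18.53:36111->134.249.140.20:1, len 132
16 input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:01:f2, proto TCP (SYN), 201.1.133.187:19808->134.249.140.20:37215, len 44
14 forward: in:6to4-tunnel1 out:6to4-tunnel1, proto ICMP (type 128, code 0), 2001:4ca0:108:42::1:9->2a01:d0:ffff:4e:72a2:d17a:9c55:ee86, len 16
14 forward: in:6to4-tunnel1 out:6to4-tunnel1, proto ICMP (type 128, code 0), 2001:4ca0:108:42::1:9->2a01:d0:ffff:4e:72a2:d17a:9c55:ee86, len 16
14 forward: in:6to4-tunnel1 out:6to4-tunnel1, proto TCP (SYN), [2001:4ca0:108:42:0:80:6:9]:35646->[2a01:d0:ffff:4e:72a2:d17a:9c55:ee86]:80, len 40'
# Print the captured fields of every record that matches; lines that do not
# match are skipped silently.
str.each_line do |line|
  match = re.match(line.chomp)
  puts match.captures.to_s if match
end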