use strict;
my $str = 'IN=pppoe0 OUT= MAC= SRC=45.134.26.235 DST=51.148.135.105 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=21599 PROTO=TCP SPT=41497 DPT=33241 WINDOW=1024 RES=0x00 SYN URGP=0
IN=eth1 OUT=eth1.20 MAC=fc:ec:da:47:47:e6:b4:2e:99:19:8e:79:08:00 SRC=10.231.1.21 DST=10.231.20.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=22819 DF PROTO=TCP SPT=58474 DPT=8123 WINDOW=64240 RES=0x00 SYN URGP=0
IN=eth1.40 OUT=eth1 MAC=fc:ec:da:47:47:e6:ea:5e:e5:92:bd:3d:08:00:45:00:00:46 SRC=10.231.40.108 DST=10.231.1.22 LEN=70 TOS=0x00 PREC=0x00 TTL=63 ID=58349 DF PROTO=UDP SPT=58673 DPT=53 LEN=50
IN=pppoe0 OUT= MAC= SRC=37.120.166.236 DST=51.148.135.105 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=27591 DF PROTO=TCP SPT=35990 DPT=18080 WINDOW=29200 RES=0x00 SYN URGP=0';
my $regex = qr/IN=(?P<source_interface>(\S+|\s?)) OUT=(?P<forward_interface>(\S+|\s?)) MAC=(?P<source_mac>(\S+|\s?)) SRC=(?P<source_ip>(?:([0-9]{1,3}\.){3}[0-9]{1,3})) DST=(?P<destination_ip>(?:([0-9]{1,3}\.){3}[0-9]{1,3})) LEN=(?P<pkt_len>\d+) TOS=(?P<pkt_tos>[\dx\d]+) PREC=(?P<pkt_prec>[\dx\d]+) TTL=(?P<pkt_ttl>\d+) ID=(?P<pkt_id>\d+)\s?(?P<pk_frg>[A-Z\s].?)\s?PROTO=(?P<pkt_protocol>[\w\d]+) SPT=(?P<source_port>\d+) DPT=(?P<dest_port>\d+) (LEN=(?P<pkt_length>\d+))?(WINDOW=(?P<pkt_window>\d+) RES=(?P<pkt_res>[\dx\d]+)? (?P<pkt_type>(\S+))?\s?(URGP=(?P<pkt_urgency>\d))?)?/mp;
if ( $str =~ /$regex/g ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html