# coding=utf8
# the above tag defines encoding for this document and is for Python 2.x compatibility
import re
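# Parse DNS query-log lines (the layout looks like BIND 9 "queries" category
# output -- confirm against the producing server) into named fields:
#   datetime    - everything before " queries: info: client"
#   source_ip   - client address (IPv4 or IPv6) before the "#port" suffix
#   view_name   - the view that answered the query
#   domain      - queried name, taken from the "query:" field
#   type        - record type (A, AAAA, PTR, TYPE65, ...)
#   name_server - address inside the trailing parentheses
# The flags token between the type and the trailing address (for example
# "+E(0)DCV") is skipped, not captured.
#
# The leading "^" (with re.MULTILINE) pins every match to the start of a line,
# so a line that does not fit the pattern fails once instead of being retried
# from each offset, and each line yields at most one match.
#
# NOTE(review): "domain" only accepts [\w.-]; a queried name containing any
# other character makes the whole line fail to match. When this pattern feeds
# monitoring or detection, count such lines (as done below) rather than
# dropping them silently.
regex = (
    r"^(?P<datetime>.*?) queries: info: client @[0-9a-fx]* "
    r"(?P<source_ip>[\w.:]*)#\d+ \(.*\): view (?P<view_name>\w+): "
    r"query: (?P<domain>[\w.-]+) IN (?P<type>\w+) .*? "
    r"\((?P<name_server>[\w.:]+)\)"
)

# Sample log lines used to exercise the pattern (one record per line).
test_str = ("10-Jan-2023 03:21:48.928 queries: info: client @0x7f2d8c598d60 10.103.215.85#54657 (connect.rom.miui.com): view INTRANET: query: connect.rom.miui.com IN AAAA + (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.928 queries: info: client @0x7f2d9842cb10 10.103.215.85#64822 (connect.rom.miui.com): view INTRANET: query: connect.rom.miui.com IN A + (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.935 queries: info: client @0x7f2d986a0a90 113.55.13.51#41365 (cs.ttkcloud.icu): view DATACENTER: query: cs.ttkcloud.icu IN A +E(0)DCV (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.944 queries: info: client @0x7f2d8c24d600 117.135.192.105#53977 (www.jwc.ynu.edu.cn): view CHINANET: query: www.jwc.ynu.edu.cn IN A -E(0)DC (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.948 queries: info: client @0x7f2d8c24d600 113.55.13.51#35429 (pay.xunlei.com): view DATACENTER: query: pay.xunlei.com IN A +E(0)DCV (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.948 queries: info: client @0x7f2d9844acd0 113.55.100.67#49522 (authds.todesk.com): view INTRANET: query: authds.todesk.com IN A +E(0) (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.953 queries: info: client @0x7f2d9844acd0 113.55.13.51#37806 (juwelier-lorenz.de): view DATACENTER: query: juwelier-lorenz.de IN A +E(0)DCV (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.963 queries: info: client @0x7f2d9865d110 113.55.14.170#47786 (qup.b.360.net): view DATACENTER: query: qup.b.360.net IN AAAA + (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.963 queries: info: client @0x7f2d880225c0 113.55.14.170#47786 (qup.b.360.net): view DATACENTER: query: qup.b.360.net IN A + (202.203.208.33)\n"
    "10-Jan-2023 03:21:48.963 queries: info: client @0x7f2d9865d110 113.55.14.170#47786 (qup.b.360.net.localdomain): view DATACENTER: query: qup.b.360.net.localdomain IN A + (202.203.208.33)\n"
    "10-Jan-2023 03:23:39.891 queries: info: client @0x7f2d96ef53f0 113.55.13.51#36815 (apac-china-courier-4.push-apple.com.akadns.net): view DATACENTER: query: apac-china-courier-4.push-apple.com.akadns.net IN TYPE65 +E(0)DCV (202.203.208.33)\n"
    "10-Jan-2023 03:23:39.903 queries: info: client @0x7f2d96ef53f0 162.62.33.130#40786 (www.jwc.ynu.edu.cn): view OTHER: query: www.jwc.ynu.edu.cn IN A -E(0)DC (202.203.208.33)\n"
    "10-Jan-2023 03:23:39.924 queries: info: client @0x7f2d8808cbb0 113.55.102.209#50480 (us.pool.ntp.org): view INTRANET: query: us.pool.ntp.org IN AAAA + (202.203.208.33)\n"
    "10-Jan-2023 03:23:39.931 queries: info: client @0x7f2d8c4fd8b0 113.55.13.51#56049 (ttxyajs.data.kuiniuca.com): view DATACENTER: query: ttxyajs.data.kuiniuca.com IN A +E(0)DCV (202.203.208.33)\n"
    "10-Jan-2023 03:25:09.599 queries: info: client @0x7f2d96ed3930 218.203.160.46#60631 (www.jwc.ynu.edu.cn): view CHINANET: query: www.jwc.ynu.edu.cn IN A -E(0)DCK (202.203.208.33)\n"
    "10-Jan-2023 03:25:28.012 queries: info: client @0x7f2d88692a00 113.55.114.162#15390 (elinkintf.km169.net): view INTRANET: query: elinkintf.km169.net IN A + (202.203.208.33)\n"
    "10-Jan-2023 03:25:28.014 queries: info: client @0x7f2d88692a00 222.19.203.75#39781 (www.baidu.com): view INTRANET: query: www.baidu.com IN A + (202.203.208.33)\n"
    "10-Jan-2023 03:25:28.017 queries: info: client @0x7f2d88692a00 172.70.213.84#35458 (www.jwc.ynu.edu.cn): view OTHER: query: www.jwc.ynu.edu.cn IN A -E(0)D (202.203.208.33)\n"
    "10-Jan-2023 03:25:28.017 queries: info: client @0x7f2d96ea5720 172.70.213.84#36520 (www.jwc.ynu.edu.cn): view OTHER: query: www.jwc.ynu.edu.cn IN AAAA -E(0)D (202.203.208.33)\n"
    "10-Jan-2023 03:37:06.816 queries: info: client @0x7f2d88655d40 141.122.123.193#55222 (33.128.203.202.in-addr.arpa): view OTHER: query: 33.128.203.202.in-addr.arpa IN PTR -E(0) (202.203.208.33)\n"
    "10-Jan-2023 03:37:06.825 queries: info: client @0x7f2da4042e70 2409:8080:820:411f::#36347 (www.jwc.ynu.edu.cn): view OTHER: query: www.jwc.ynu.edu.cn IN A -E(0)DCV (2001:250:2800:2::33)\n"
    "10-Jan-2023 03:37:06.847 queries: info: client @0x7f2d88655d40 202.203.222.243#37022 (243.222.203.202.in-addr.arpa): view INTRANET: query: 243.222.203.202.in-addr.arpa IN PTR + (202.203.208.33)\n"
    "10-Jan-2023 03:41:30.942 queries: info: client @0x7f2da403b510 240e:4a:4300:2::5#27362 (www.lib.ynu.edu.cn): view OTHER: query: www.lib.ynu.edu.cn IN A -E(0)DC (2001:250:2800:2::33)\n"
    "10-Jan-2023 03:41:30.943 queries: info: client @0x7f2da4042e70 240e:4a:4300:2::4#50549 (www.jwc.ynu.edu.cn): view OTHER: query: www.jwc.ynu.edu.cn IN A -E(0)DC (2001:250:2800:2::33)\n"
    "10-Jan-2023 03:41:30.943 queries: info: client @0x7f2d8c6857f0 202.203.209.62#44664 (1.209.203.202.in-addr.arpa): view INTRANET: query: 1.209.203.202.in-addr.arpa IN PTR + (202.203.208.33)\n")

# Materialise the matches so they can be both printed and counted.
matches = list(re.finditer(regex, test_str, re.MULTILINE))

for matchNum, match in enumerate(matches, start=1):
    print("Match {matchNum} was found at {start}-{end}: {match}".format(matchNum = matchNum, start = match.start(), end = match.end(), match = match.group()))

    # Capture groups are numbered from 1; group 0 is the whole match.
    for groupNum in range(1, len(match.groups()) + 1):
        print("Group {groupNum} found at {start}-{end}: {group}".format(groupNum = groupNum, start = match.start(groupNum), end = match.end(groupNum), group = match.group(groupNum)))

# No token in the pattern can cross a newline and every match starts at a line
# start, so "non-blank lines minus matches" is the number of records the
# pattern failed to parse. Surface it instead of hiding the gap.
unparsed = sum(1 for line in test_str.split("\n") if line.strip()) - len(matches)
if unparsed:
    print("{unparsed} line(s) did not match the pattern".format(unparsed = unparsed))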
# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.