import re
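# Extract the account that *created* a user from a Windows Security
# event 4720 ("A user account was created") message body.
#
# The pattern is anchored on the "Subject:" block, so the captured
# "Account Name" is the creator, not the "New Account" that appears
# further down with the same field label.
#
# Python spells named groups (?P<name>...); the (?<name>...) form used by
# other regex flavours is rejected by re.compile.
#
# NOTE(review): the \s+ after "Account Name:" also matches newlines, so an
# event whose Subject account name is blank would capture the following
# line instead. Confirm against real events before alerting on this field.
# re.MULTILINE is kept from the original; the pattern has no ^ or $, so the
# flag does not change what matches.
regex = re.compile(
    r"Subject:\n\s+Security ID:[^\n]+\n\s+Account Name:\s+(?P<account_creator>[^\n]+)",
    flags=re.MULTILINE,
)

# Sample event text as indexed by the log pipeline (identifiers redacted
# by the original author).
test_str = ("6/6/19\n"
    "9:27:22.000 AM \n"
    "06/06/2019 09:27:22 AM\n"
    "LogName=Security\n"
    "SourceName=Microsoft Windows security auditing.\n"
    "EventCode=4720\n"
    "EventType=0\n"
    "Type=Information\n"
    "ComputerName=CPMASNAAD03.na.cintas.com\n"
    "TaskCategory=User Account Management\n"
    "OpCode=Info\n"
    "RecordNumber=5472484169\n"
    "Keywords=Audit Success\n"
    "Message=A user account was created.\n\n"
    "Subject:\n"
    " Security ID: \"xxxxxxxxx\"\n"
    " Account Name: Account Creator\n"
    " Account Domain: xxxxx\n"
    " Logon ID: xxxxxxx\n\n"
    "New Account:\n"
    " Security ID: \"xxxxxx\"\n"
    " Account Name: Account Created\n"
    " Account Domain: xxxxxxx\n\n"
    "Attributes:\n"
    " SAM Account Name: xxxxxxxx\n"
    " Display Name: User\n"
    " User Principal Name: -\n"
    " Home Directory: -\n"
    " Home Drive: -\n"
    " Script Path: -\n"
    " Profile Path: -\n"
    " User Workstations: -\n"
    " Password Last Set: <never>\n"
    " Account Expires: <never>\n"
    " Primary Group ID: 513\n"
    " Allowed To Delegate To: -\n"
    " Old UAC Value: 0x0\n"
    " New UAC Value: 0x11\n"
    " User Account Control: \n"
    " Account Disabled\n"
    " 'Normal Account' - Enabled\n"
    " User Parameters: -\n"
    " SID History: -\n"
    " Logon Hours: <value not set>\n\n"
    "Additional Information:\n"
    " Privileges")

matches = regex.finditer(test_str)

# Report each overall match, then every capture group inside it with its
# character offsets in test_str.
for match_num, match in enumerate(matches, start=1):
    print(f"Match {match_num} was found at {match.start()}-{match.end()}: {match.group()}")
    for group_num, group in enumerate(match.groups(), start=1):
        print(f"Group {group_num} found at {match.start(group_num)}-{match.end(group_num)}: {group}")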