use strict;
my $str = '<13>1 2022-05-17T09:10:28.290795-03:00 firewall,info 1727618 - - - 1727618 customlog: in:VLAN99 out:ether2_WAN_Intercorp, src-mac 50:8e:49:7f:b1:68, proto TCP (ACK,FIN), 10.59.0.8:37438->142.251.129.163:443, NAT (10.59.0.8:37438->189.28.49.7:37438)->142.251.129.163:443, len 52
<13>1 2022-05-17T09:18:05.103720-03:00 firewall,info 620254 - - - 620254 customlog: in:VLAN99 out:ether2_WAN_Intercorp, src-mac d0:04:01:8a:ee:7f, proto UDP, 10.59.0.9:42331->172.217.173.110:443, NAT (10.59.0.9:42331->189.28.49.7:42331)->172.217.173.110:443, len 743
';
my $regex = qr`^.+>[\d]\s(?P<Date>\d{4}-\d{2}-\d{2})T(?P<Time>\d{2}:\d{2}:\d{2}).+firewall,info\s(?P<RadUser>\d+).+in:(?P<InputInterface>[^,]+)\s+out:(?P<OutputInterface>[^,]+),\s+(?:src-mac\s+(?P<SourceMacAddress>[^,]+),\s+)?proto\s+(?P<Protocol>\w+)(?:\s+\((?P<Flags>[^)]+)\))?,\s+\[?(?P<SrcIP>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<SrcPort>\d+))?->\[?(?P<DstIP>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f\d:]+)\]?(?::(?P<DstPort>\d+))?,\s(?P<NAT>\w+)\s\((?P<SrcIpLocalNat>\b(?:\d{1,3}\.){3}\d{1,3}\b):(?P<SrcPortLocalNat>\d+)->(?P<SrcIpPublicNat>\b(?:\d{1,3}\.){3}\d{1,3}\b):(?P<SrcPortPublicNat>\d+)\)->(?P<DestIpNat>\b(?:\d{1,3}\.){3}\d{1,3}\b):(?P<DestPortNat>\d+),.+`p;
if ( $str =~ /$regex/ ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html