// include the latest version of the regex crate in your Cargo.toml
extern crate regex;
use regex::Regex;
fn main() {
let regex = Regex::new(r"(?s)Token\sType:.*?Client\sIP:\s+(?|(?<adfs_src>:x(?:\.x){3})|x(?:\.x){3},\K(?<adfs_src>x(?:\.x){3}))").unwrap();
let string = "Microsoft ADFS logs and here is an example: 05/07/2019 03:06:54 PM LogName=Security SourceName=AD FS Auditing EventCode=411 EventType=0 Type=Information ComputerName=x.y.z User=abc Sid=A-9-3-98-1231231313-1231231313-1231231313-406293 SidType=1 TaskCategory=Printers OpCode=Info RecordNumber=###### Keywords=Audit Failure, Classic Message=Token validation failed. See inner exception for more details. Additional Data Activity ID: 00000000-0000-0000-0000-000000000000 Token Type: http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/UserName Client IP: x.x.x.x,x.x.x.x Error message: user@foo.com -The user name or password is incorrect Exception details: System.IdentityModel.Tokens.SecurityTokenValidationException: user@foo.com ---> System.ComponentModel.Win32Exception: The user name or password is incorrect at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle) at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName) at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUser(UserNameSecurityToken token, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName) at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token) --- End of inner exception stack trace --- at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token) at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token) System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle) at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName) at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUser(UserNameSecurityToken token, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName) at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token)
Looking for a regex that works when either one or more IPs are listed for Client IP
Thx
";
// result will be an iterator over tuples containing the start and end indices for each match in the string
let result = regex.captures_iter(string);
for mat in result {
println!("{:?}", mat);
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Rust, please visit: https://docs.rs/regex/latest/regex/