^ asserts position at start of a lineLines are delimited by \n
<142> matches the characters <142> literally (case sensitive)
Named Capture Group date (?P<date>\w\s\d)
\w
matches any word character (equivalent to [a-zA-Z0-9_])+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\d
matches a digit (equivalent to [0-9])+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
Named Capture Group time (?P<time>[^ ])
Match a single character not present in the list below [^ ]
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character literally (case sensitive)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
Named Capture Group server (?P<server>\w)
\w
matches any word character (equivalent to [a-zA-Z0-9_])+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
Named Capture Group process_name (?P<process_name>[a-z])
Match a single character present in the list below [a-z]
\[ matches the character [ literally (case sensitive)
Named Capture Group process_number (?P<process_number>\d)
Match a single character not present in the list below [^ \n]
matches the character literally (case sensitive)
Named Capture Group process_id (?P<process_id>[^\|])
\| matches the character | literally (case sensitive)
Named Capture Group message_id (?P<message_id>[^\|])
\| matches the character | literally (case sensitive)
Named Capture Group action (?P<action>IRCPTACTION|VERDICT|UNTESTED|FIRED|SENDER|LOGICAL_IP|EHLO|MSG_SIZE|MSGID|SOURCE|SUBJECT|ORCPTS|TRACKERID|ATTACH|UNSCANNABLE|VIRUS|DELIVER|ACCEPT)
Non-capturing group (?:(?:(?<=ACCEPT|DELIVER|LOGICAL_IP)\|(?P<src>[^:\s])(?::(?P<port>[0-9]))?(?:\|(?P<to>[^\s]))?)|(?:(?<=FIRED|IRCPTACTION|ORCPTS|TRACKERID|UNTESTED|VERDICT)\|(?P<recipient>[^\s\|])(?:\|)?(?P<result>[a-z][^\|\s])?(?:\|(?P<result_2>[a-z][^\|]))?(?:\|(?P<result_3>.))?)|(?:(?<=SENDER)\|(?P<from>[^\s]))|(?:(?<=MSG_SIZE)\|(?P<msg_size>\w))|(?:(?<=SUBJECT)\|(?P<subject>.))|(?:(?<=ATTACH)\|(?P<attachment>.))|(?:(?<=UNSCANNABLE)\|(?P<reason>.))|(?:(?<=VIRUS)\|(?P<virus_name>.))|(?:(?<=EHLO)\|(?P<fqdn>.)))?
g modifier: global. All matches (don't return after first match)
m modifier: multi line. Causes ^ and $ to match the begin/end of each line (not only begin/end of string)