Regular Expressions 101

@regex101
Donate
Sponsor
Contact
Bug Reports & Feedback
Wiki
Whats new?

Save & Share

  • Save Regex
    ctrl+s
  • Update Regex
    ctrl+⇧+s

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python 2.7
  • Golang
  • Java 8

Function

  • Match
  • Substitution
  • List
  • Unit Tests
/
^<142>(?P<date>\w\s\d)\s(?P<time>[^ ])\s(?P<server>\w)\s(?P<process_name>[a-z])\[(?P<process_number>\d)[^ \n] (?P<process_id>[^\|])\|(?P<message_id>[^\|])\|(?P<action>IRCPTACTION|VERDICT|UNTESTED|FIRED|SENDER|LOGICAL_IP|EHLO|MSG_SIZE|MSGID|SOURCE|SUBJECT|ORCPTS|TRACKERID|ATTACH|UNSCANNABLE|VIRUS|DELIVER|ACCEPT)(?:(?:(?<=ACCEPT|DELIVER|LOGICAL_IP)\|(?P<src>[^:\s])(?::(?P<port>[0-9]))?(?:\|(?P<to>[^\s]))?)|(?:(?<=FIRED|IRCPTACTION|ORCPTS|TRACKERID|UNTESTED|VERDICT)\|(?P<recipient>[^\s\|])(?:\|)?(?P<result>[a-z][^\|\s])?(?:\|(?P<result_2>[a-z][^\|]))?(?:\|(?P<result_3>.))?)|(?:(?<=SENDER)\|(?P<from>[^\s]))|(?:(?<=MSG_SIZE)\|(?P<msg_size>\w))|(?:(?<=SUBJECT)\|(?P<subject>.))|(?:(?<=ATTACH)\|(?P<attachment>.))|(?:(?<=UNSCANNABLE)\|(?P<reason>.))|(?:(?<=VIRUS)\|(?P<virus_name>.))|(?:(?<=EHLO)\|(?P<fqdn>.)))?
/
gm
^ asserts position at start of a line
<142> matches the characters <142> literally (case sensitive)
Named Capture Group date
(?P<date>\w\s\d)
\w
matches any word character (equivalent to [a-zA-Z0-9_])
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\d
matches a digit (equivalent to [0-9])
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
Named Capture Group time
(?P<time>[^ ])
Match a single character not present in the list below
[^ ]
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character literally (case sensitive)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
Named Capture Group server
(?P<server>\w)
\w
matches any word character (equivalent to [a-zA-Z0-9_])
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
\s
matches any whitespace character (equivalent to [\r\n\t\f\v ])
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
Named Capture Group process_name
(?P<process_name>[a-z])
Match a single character present in the list below
[a-z]
\[ matches the character [ literally (case sensitive)
Named Capture Group process_number
(?P<process_number>\d)
Match a single character not present in the list below
[^ \n]
matches the character literally (case sensitive)
Named Capture Group process_id
(?P<process_id>[^\|])
\| matches the character | literally (case sensitive)
Named Capture Group message_id
(?P<message_id>[^\|])
\| matches the character | literally (case sensitive)
Named Capture Group action
(?P<action>IRCPTACTION|VERDICT|UNTESTED|FIRED|SENDER|LOGICAL_IP|EHLO|MSG_SIZE|MSGID|SOURCE|SUBJECT|ORCPTS|TRACKERID|ATTACH|UNSCANNABLE|VIRUS|DELIVER|ACCEPT)
Non-capturing group
(?:(?:(?<=ACCEPT|DELIVER|LOGICAL_IP)\|(?P<src>[^:\s])(?::(?P<port>[0-9]))?(?:\|(?P<to>[^\s]))?)|(?:(?<=FIRED|IRCPTACTION|ORCPTS|TRACKERID|UNTESTED|VERDICT)\|(?P<recipient>[^\s\|])(?:\|)?(?P<result>[a-z][^\|\s])?(?:\|(?P<result_2>[a-z][^\|]))?(?:\|(?P<result_3>.))?)|(?:(?<=SENDER)\|(?P<from>[^\s]))|(?:(?<=MSG_SIZE)\|(?P<msg_size>\w))|(?:(?<=SUBJECT)\|(?P<subject>.))|(?:(?<=ATTACH)\|(?P<attachment>.))|(?:(?<=UNSCANNABLE)\|(?P<reason>.))|(?:(?<=VIRUS)\|(?P<virus_name>.))|(?:(?<=EHLO)\|(?P<fqdn>.)))?
Global pattern flags
g modifier: global. All matches (don't return after first match)
m modifier: multi line. Causes ^ and $ to match the begin/end of each line (not only begin/end of string)
Your regular expression does not match the subject string.Try launching the debugger to find out why.

Regular Expression
No Match

/
/
gm

Test String