import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Example {
public static void main(String[] args) {
final String regex = "^(?:\\w[^\\n\\r:]*:.*(?:\\R\\h{2,}\\w.*)*\\R*)+";
final String string = "An account failed to log on.\n\n"
+ "Subject:\n"
+ " Security ID: NULL SID\n"
+ " Account Name: -\n"
+ " Account Domain: -\n"
+ " Logon ID: 0x0\n\n"
+ "Logon Type: 3\n\n"
+ "Account For Which Logon Failed:\n"
+ " Security ID: NULL SID\n"
+ " Account Name: xxxxxxx\n"
+ " Account Domain: xxxxxxx\n\n"
+ "Failure Information:\n"
+ " Failure Reason: Unknown user name or bad password.\n"
+ " Status: 0xC000006D\n"
+ " Sub Status: 0xC000006A\n\n"
+ "Process Information:\n"
+ " Caller Process ID: 0x0\n"
+ " Caller Process Name: -\n\n"
+ "Network Information:\n"
+ " Workstation Name: SSAPL1\n"
+ " Source Network Address: 0.0.0.0\n"
+ " Source Port: 40410\n\n"
+ "Detailed Authentication Information:\n"
+ " Logon Process: NtLmSsp \n"
+ " Authentication Package: NTLM\n"
+ " Transited Services: -\n"
+ " Package Name (NTLM only): -\n"
+ " Key Length: 0\n\n"
+ "This event is generated when a logon request fails. It is generated on the computer where access was attempted.\n\n"
+ "The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\n"
+ "The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).\n\n"
+ "The Process Information fields indicate which account and process on the system requested the logon.\n\n"
+ "The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\n"
+ "The authentication information fields provide detailed information about this specific logon request.\n"
+ " - Transited services indicate which intermediate services have participated in this logon request.\n"
+ " - Package name indicates which sub-protocol was used among the NTLM protocols.\n"
+ " - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.";
final Pattern pattern = Pattern.compile(regex, Pattern.MULTILINE);
final Matcher matcher = pattern.matcher(string);
while (matcher.find()) {
System.out.println("Full match: " + matcher.group(0));
for (int i = 1; i <= matcher.groupCount(); i++) {
System.out.println("Group " + i + ": " + matcher.group(i));
}
}
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Java, please visit: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html