# coding=utf8
# the above tag defines encoding for this document and is for Python 2.x compatibility
import re
regex = r".*ad.srccountry=(?<cs1>.*?)\s.*$"
test_str = "0|Fortinet|FortiGate-600E|3.2.1,build1204 (DA)|1239233|app-ctrl utm pass|4|start=Mar 06 2022 23:10:08 logver=232123123 deviceExternalId=FGBHAAAAAA1 dvchost=production01 ad.vd=prod01 ad.eventtime=1646604609212138288 ad.tz=+0100 ad.logid=0000000013 cat=traffic ad.subtype=forward deviceSeverity=notice src=10.0.0.2 spt=37628 deviceInboundInterface=Dev LAN ad.srcintfrole=lan dst=70.70.70.2 dpt=443 deviceOutboundInterface=VL-Develop1 ad.dstintfrole=undefined ad.srccountry=Norway ad.dstcountry=Denmark externalID=10999383 proto=6 act=close ad.policyid=67 ad.policytype=policy ad.poluuid=dca6b9de-adc11-51e2-d100-3cc871c8edae ad.policyname=prod01 to Internet app=HTTPS ad.trandisp=noop ad.duration=1 out=1446 in=4377 ad.sentpkt=11 ad.rcvdpkt=12 ad.shapingpolicyid=1 ad.shapersentname=Production-01 ad.shaperdropsentbyte=0 ad.shaperrcvdname=Filter-WAN ad.shaperdroprcvdbyte=0 ad.appcat=unscanned ad.mastersrcmac=a1:a1:a1:a1:a1:a1 ad.srcmac=a1:a1:a1:a1:a1:a1 ad.srcserver=0 tz=\"+0100\""
matches = re.search(regex, test_str)
if matches:
print ("Match was found at {start}-{end}: {match}".format(start = matches.start(), end = matches.end(), match = matches.group()))
for groupNum in range(0, len(matches.groups())):
groupNum = groupNum + 1
print ("Group {groupNum} found at {start}-{end}: {group}".format(groupNum = groupNum, start = matches.start(groupNum), end = matches.end(groupNum), group = matches.group(groupNum)))
# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Python, please visit: https://docs.python.org/3/library/re.html