import java.util.regex.Matcher;
import java.util.regex.Pattern;
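public class Example {
    /**
     * Matches the tail of an sshd password-authentication log line and captures the
     * account name, source address, source port and protocol.
     *
     * <p>Group layout (unchanged from the original sample): 1 = "user" or "invalid user",
     * 2 = "invalid user" when present, 3 = User, 4 = SourceIp, 5 = SourcePort, 6 = Protocol.
     *
     * <p>Java group names may contain only ASCII letters and digits, so the original
     * {@code Source_IP} / {@code Source_Port} names made {@link Pattern#compile} throw
     * {@link java.util.regex.PatternSyntaxException}; they are spelled without the
     * underscore here.
     *
     * <p>Coverage notes for anyone using this for log analysis:
     * <ul>
     *   <li>The pattern starts at "password for", so it matches both "Failed password" and
     *       "Accepted password" lines. The outcome is not captured; read it from the line.</li>
     *   <li>{@code User} is {@code \w+}. A name containing '-', '.' or other non-word
     *       characters makes the whole line fail to match, so such events are skipped.
     *       On failed logins the name is chosen by the remote client.</li>
     *   <li>{@code SourceIp} is dotted-decimal only; IPv6 sources are not matched, and the
     *       octets are not range-checked.</li>
     * </ul>
     */
    static final Pattern SSHD_PASSWORD_EVENT = Pattern.compile(
            "password\\s+for\\s+(user|(invalid\\s+user))\\s+(?<User>\\w+)\\s+from\\s+"
                    + "(?<SourceIp>\\d+\\.\\d+\\.\\d+\\.\\d+)\\s+port\\s+(?<SourcePort>\\d+)\\s+(?<Protocol>\\w+)",
            Pattern.MULTILINE);

    /**
     * Runs the pattern over three sample /var/log/secure events and prints, for every
     * match, the full match followed by each numbered group.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Sample events: one failed login for an invalid user, one failed login for a
        // known user, and one accepted login. The lines starting with a middle dot are
        // indexer metadata and are not matched by the pattern.
        final String string = "Jun 3 17:29:44 ntp sshd[9668]: Failed password for invalid user XXX from 192.168.111.111 port 63568 ssh2\n"
                + "· host = ntp 192.168.XXX.XXX\n"
                + "· source = /var/log/secure\n"
                + "· sourcetype = linux_secure\n\n"
                + "Jun 3 17:29:44 XXX sshd[9668]: Failed password for user XXX from 192.168.111.111 port 63568 ssh2\n"
                + "· host = 10.0.0.XXX\n"
                + "· source = /var/log/secure\n"
                + "· sourcetype = linux_secure\n\n"
                + "Jun 3 00:13:41 XXX sshd[18404]: Accepted password for user XXX from 192.168.111.111 port 60272 ssh2\n"
                + "· host = 10.0.0.XXX\n"
                + "· source = /var/log/secure\n"
                + "· sourcetype = linux_secure";

        final Matcher matcher = SSHD_PASSWORD_EVENT.matcher(string);
        while (matcher.find()) {
            System.out.println("Full match: " + matcher.group(0));
            // Group 2 is null when the line says "user" rather than "invalid user";
            // string concatenation prints it as "null".
            for (int i = 1; i <= matcher.groupCount(); i++) {
                System.out.println("Group " + i + ": " + matcher.group(i));
            }
        }
    }
}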
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Java, please visit: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html