const regex = /password\s+for\s+(user|(invalid\s+user))\s+(?<User>\w+)\s+from\s+(?<Source_IP>\d+\.\d+\.\d+\.\d+)\s+port\s+(?<Source_Port>\d+)\s+(?<Protocol>\w+)/gm;
// Alternative syntax using RegExp constructor
// const regex = new RegExp('password\\s+for\\s+(user|(invalid\\s+user))\\s+(?<User>\\w+)\\s+from\\s+(?<Source_IP>\\d+\\.\\d+\\.\\d+\\.\\d+)\\s+port\\s+(?<Source_Port>\\d+)\\s+(?<Protocol>\\w+)', 'gm')
const str = `Jun 3 17:29:44 ntp sshd[9668]: Failed password for invalid user XXX from 192.168.111.111 port 63568 ssh2
· host = ntp 192.168.XXX.XXX
· source = /var/log/secure
· sourcetype = linux_secure
Jun 3 17:29:44 XXX sshd[9668]: Failed password for user XXX from 192.168.111.111 port 63568 ssh2
· host = 10.0.0.XXX
· source = /var/log/secure
· sourcetype = linux_secure
Jun 3 00:13:41 XXX sshd[18404]: Accepted password for user XXX from 192.168.111.111 port 60272 ssh2
· host = 10.0.0.XXX
· source = /var/log/secure
· sourcetype = linux_secure`;
// Reset `lastIndex` if this regex is defined globally
// regex.lastIndex = 0;
let m;
while ((m = regex.exec(str)) !== null) {
// This is necessary to avoid infinite loops with zero-width matches
if (m.index === regex.lastIndex) {
regex.lastIndex++;
}
// The result can be accessed through the `m`-variable.
m.forEach((match, groupIndex) => {
console.log(`Found match, group ${groupIndex}: ${match}`);
});
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for JavaScript, please visit: https://developer.mozilla.org/en/docs/Web/JavaScript/Guide/Regular_Expressions