2108 2013-03-08 15:47:58.802912 10.240.97.64 -> 10.240.97.99 TCP 74 53224 > 22 [FIN, SYN, PSH, URG] Seq=0 Win=256 Urg=0 Len=0 WS=1024 MSS=265 TSval=4294967295 TSecr=0 SACK_PERM=1
2106 2013-03-08 15:47:58.752178 10.240.97.64 -> 10.240.97.99 UDP 342 Source port: 53196 Destination port: 33997
2089 2013-03-08 15:47:58.342168 10.240.97.64 -> 10.240.97.99 ICMP 192 Echo (ping) request id=0x11da, seq=296/10241, ttl=38
I have multiple lines in different formats as seen above, and my log formats are diverse due to the protocols (TCP, UDP, ICMP, ARP, SSL). Is it possible to write a conditional regex like:
use this regex if it contains 'TCP'
and use this regex if it contains 'UDP'
...
?
Any help is appreciated.
You could write two regular expressions, each containing TCP or UDP - then each expression will only match their respective event type. Alternatively, write one expression with the two in parenthesis and separated by a pipe.
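Both approaches from the answer above, worked through in Python as an added example (not code from the original post or from any product the question is about). It assumes the three tshark-style lines quoted in the question are the input format; the regex names, field names and the `parse_line` / `ports_from_alternation` functions are this example's own choices, and the per-protocol patterns only cover the TCP, UDP and ICMP shapes actually shown, so ARP or SSL lines fall through with just the common header parsed.

```python
import re

# Constructed sample input: the three lines quoted in the question.
SAMPLE_LINES = [
    "2108 2013-03-08 15:47:58.802912 10.240.97.64 -> 10.240.97.99 TCP 74 53224 > 22 "
    "[FIN, SYN, PSH, URG] Seq=0 Win=256 Urg=0 Len=0 WS=1024 MSS=265 TSval=4294967295 TSecr=0 SACK_PERM=1",
    "2106 2013-03-08 15:47:58.752178 10.240.97.64 -> 10.240.97.99 UDP 342 "
    "Source port: 53196 Destination port: 33997",
    "2089 2013-03-08 15:47:58.342168 10.240.97.64 -> 10.240.97.99 ICMP 192 "
    "Echo (ping) request id=0x11da, seq=296/10241, ttl=38",
]

# Header shared by every line: frame number, timestamp, src -> dst, protocol, length, remainder.
HEADER = re.compile(
    r"^(?P<frame>\d+)\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<proto>[A-Z]+)\s+(?P<length>\d+)\s+(?P<rest>.*)$"
)

# Approach 1 from the answer: one regex per protocol, selected by the protocol token.
# Only the shapes visible in the question are covered (assumed field layouts).
PER_PROTO = {
    "TCP": re.compile(
        r"^(?P<sport>\d+) > (?P<dport>\d+) \[(?P<flags>[^\]]*)\] Seq=(?P<seq>\d+) Win=(?P<win>\d+)"
    ),
    "UDP": re.compile(r"^Source port: (?P<sport>\d+)\s+Destination port: (?P<dport>\d+)$"),
    "ICMP": re.compile(
        r"^Echo \(ping\) (?P<kind>request|reply) id=(?P<id>0x[0-9a-fA-F]+), "
        r"seq=(?P<seq>\d+)/\d+, ttl=(?P<ttl>\d+)$"
    ),
}


def parse_line(line):
    """Parse the common header, then apply the regex chosen by the protocol field.

    Returns a dict of named fields, or None if the line is not in this format.
    Unknown protocols (ARP, SSL, ...) return only the header fields.
    """
    m = HEADER.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    detail = PER_PROTO.get(rec["proto"])
    if detail is not None:
        dm = detail.match(rest)
        if dm is not None:
            rec.update(dm.groupdict())
    # Split the TCP flag list so a downstream rule can inspect individual flags.
    if "flags" in rec:
        rec["flags"] = [f.strip() for f in rec["flags"].split(",") if f.strip()]
    return rec


# Approach 2 from the answer: a single expression with (TCP|UDP) alternation.
# Python forbids duplicate group names, so the port groups carry a protocol prefix.
ONE_REGEX = re.compile(
    r"(?P<proto>TCP|UDP) (?P<length>\d+) "
    r"(?:(?P<tcp_sport>\d+) > (?P<tcp_dport>\d+) \[(?P<tcp_flags>[^\]]*)\]"
    r"|Source port: (?P<udp_sport>\d+)\s+Destination port: (?P<udp_dport>\d+))"
)


def ports_from_alternation(line):
    """Return (proto, sport, dport) via the single alternation regex, or None for other protocols."""
    m = ONE_REGEX.search(line)
    if m is None:
        return None
    g = m.groupdict()
    if g["proto"] == "TCP":
        return ("TCP", int(g["tcp_sport"]), int(g["tcp_dport"]))
    return ("UDP", int(g["udp_sport"]), int(g["udp_dport"]))


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_line(sample))
        print(ports_from_alternation(sample))
```

The dispatch-by-protocol form (`parse_line`) scales better than one giant alternation: each protocol's pattern stays readable, a new protocol is one more dictionary entry, and a line that matches the header but none of the detail patterns still yields the shared fields instead of being dropped. Parsing the TCP flag list into separate tokens is what makes the extracted fields useful for a detection rule, since a rule can then test for flag combinations rather than string-matching the whole bracketed text.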