Hi im trying to extract domain usernames from my juniper log files using regex however depending on the log message the fully qualified domain name isnt always displayed
See example below:
line 1: juniper -ive -] domain/user1(realm) etc. etc.
Line2: juniper -ive -] user2(realm) etc. etc.
i would like to extract just the username into a group so i'm trying to exclude the word "DOMAIN/" so far i have this:
]\s(?!DOMAIN\/\b)([a-z_0-9]+)
however it only seems to capture user2
Thanks,
Hi guys, neither of them worked, in the end i used this:
]\s(?:DOMAIN\*)?(.\w+)
but thanks anyways
pls escape backslashes with a \ otherwise we readers see confusing stuff because this forum takes a single \ as a special char. a real pita imho.
That's odd. I tested it and it works. But, if your regex is now working, that's all that matters. Cheers!
This should work too:
-]\s((?<domain>\w+)/)?(?<user>\w+)
🙂
this one might work:
ive\s+-\]\s+((?<domain>\w+)/)?(?<user>\w+)\((?<realm>\w+)\)
does it support negative/positive lookahead and lookbehind?
your (?!) is a negative lookahead, you need a positive lookbehind if using "domain/"
maybe this
([A-Za-z]{1,10}([0-9]{1,5})?)(?=\()|(?<=/)([A-Za-z]{1,10}([0-9]{1,5})?)
or
([A-Za-z]{1,10}(\d+)?)(?=\()|(?<=/)([A-Za-z]{1,10}(\d+)?)
but a single pos lookahead should suffice
([A-Za-z]{1,10}(\d+)?)(?=\(realm\))