1

I am trying to understand regular expressions in Java. I am playing with a log file in Java so I can extract log fields. For example, I have the following line:

Apr 10 21:08:55 kali sshd[37727]: Failed password for root from 127.0.0.1 port 42035 ssh2

And I want to have the output like this:

"Date&Time" = Apr 10 21:08:55
"Hostname" = kali
"Program Name" = sshd
"Log" = Failed password for root from 127.0.0.1 port 42035 ssh2

Here is my Java code so far:

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LogRegExp {

    public static void main(String argv[]) {
        String logEntryLine = "Apr 10 21:08:55 kali sshd[37727]: Failed password for root from 127.0.0.1 port 42035 ssh2";
        String logEntryPattern = "(\\w.+) (\\d.+) (\\w.+) (\\w.+)";

        Pattern p = Pattern.compile(logEntryPattern);
        Matcher matcher = p.matcher(logEntryLine);
        if (!matcher.matches()) {
            System.err.println("Bad log entry (or problem with RE?):");
            System.err.println(logEntryLine);
            return;
        }
        System.out.println("Date&Time: " + matcher.group(1));
        System.out.println("Hostname: " + matcher.group(2));
        System.out.println("Program Name: " + matcher.group(3));
        System.out.println("Log: " + matcher.group(4));
    }
}

I tried following this example: http://www.java2s.com/Code/Java/Development-Class/ParseanApachelogfilewithRegularExpressions.htm

But I am unable to adapt it to my needs. I understand how to apply the escape characters, digits, etc., but I do not know how to adapt it for my case. Can anyone help me please?

2
  • 1
    You shouldn't be parsing a log file at all. If you need the application to communicate with itself, or with other applications, use a database. Commented Apr 11, 2014 at 10:31
  • 1
    In this instance, you have very little criteria to parse your log file, so your regular expression will be prone to defects. That is, regardless of whether parsing a log file with regex is right or wrong in the first place. Commented Apr 11, 2014 at 10:37

3 Answers

3

Use this code:

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LogRegExp {

    public static void main(String argv[]) {
        String logEntryLine = "Apr 10 21:08:55 kali sshd[37727]: Failed password for root from 127.0.0.1 port 42035 ssh2";
        // Groups: 1 = month, day and time; 2 = hostname; 3 = program name; 4 = message.
        // The "[pid]:" part is matched but not captured.
        String logEntryPattern = "([\\w]+\\s[\\d]+\\s[\\d:]+)\\s([\\w]+)\\s([\\w]+)\\[.+\\]:\\s(.+)";

        Pattern p = Pattern.compile(logEntryPattern);
        Matcher matcher = p.matcher(logEntryLine);
        // matches() requires the pattern to cover the whole line
        if (!matcher.matches()) {
            System.err.println("Bad log entry (or problem with RE?):");
            System.err.println(logEntryLine);
            return;
        }
        System.out.println("Date&Time: " + matcher.group(1));
        System.out.println("Hostname: " + matcher.group(2));
        System.out.println("Program Name: " + matcher.group(3));
        System.out.println("Log: " + matcher.group(4));
    }
}

1

You can make the following modifications to your code:

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LogRegExp {

    public static void main(String argv[]) {
        String logEntryLine = "Apr 10 21:08:55 kali sshd[37727]: Failed password for root from 127.0.0.1 port 42035 ssh2";
        // Groups: 1 = month, day and time; 2 = hostname; 3 = program name (exactly 4 word characters);
        // 4 = "[pid]:" with a 5-digit pid; 5 = message.
        String logEntryPattern = "([\\w]+\\s[\\d]+\\s[\\d:]+) (\\w+) (\\w{4})(\\[\\d{5}\\]:) (\\w.+)";

        Pattern p = Pattern.compile(logEntryPattern);
        Matcher matcher = p.matcher(logEntryLine);
        // matches() requires the pattern to cover the whole line
        if (!matcher.matches()) {
            System.err.println("Bad log entry (or problem with RE?):");
            System.err.println(logEntryLine);
            return;
        }
        System.out.println("Date&Time: " + matcher.group(1));
        System.out.println("Hostname: " + matcher.group(2));
        System.out.println("Program Name: " + matcher.group(3));
        // Group 4 holds "[pid]:", so the message is group 5
        System.out.println("Log: " + matcher.group(5));
    }
}

The output of this program is:

Date&Time: Apr 10 21:08:55
Hostname: kali
Program Name: sshd
Log: Failed password for root from 127.0.0.1 port 42035 ssh2


0

Try with this pattern:

String logEntryPattern = "(.+\\d\\d?:\\d\\d?:\\d\\d?) (\\S+) ([^\\[]+)\\S+ (.+)";
                                   hh::mm::ss
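
An added example, not part of any answer above: one way to pull the same four fields with named groups, then use them to count failed sshd password attempts per source address. It goes beyond the question's single line by tolerating a space-padded day, hostnames containing dots or hyphens, and a missing PID. The class and method names are assumptions, every sample line except the first is constructed, and `List.of` needs Java 9 or later.

```java
import java.util.*;
import java.util.regex.*;
// Added example; AuthLogFields, parse and failuresBySource are illustrative names.
public class AuthLogFields {
    // BSD-syslog style header: "Mmm dd hh:mm:ss host program[pid]: message".
    // \s+ tolerates the padded day ("Apr  1"); the host may contain '.' or '-'; [pid] is optional.
    static final Pattern SYSLOG = Pattern.compile(
        "(?<ts>[A-Z][a-z]{2}\\s+\\d{1,2}\\s\\d{2}:\\d{2}:\\d{2})\\s(?<host>\\S+)\\s"
        + "(?<prog>[^\\s\\[:]+)(?:\\[(?<pid>\\d+)\\])?:\\s(?<msg>.*)");

    // sshd failure message. The user name is text supplied by the remote client, so the
    // greedy group plus matches() takes address and port from the end of the message.
    static final Pattern FAILED = Pattern.compile(
        "Failed password for (?:invalid user )?(?<user>.*) from (?<ip>\\S+) port (?<port>\\d+)(?: ssh2)?");

    /** Returns the header fields of one line, or null when the line is not in the expected layout. */
    static Map<String, String> parse(String line) {
        Matcher m = SYSLOG.matcher(line);
        if (!m.matches()) return null;
        Map<String, String> f = new LinkedHashMap<>();
        f.put("Date&Time", m.group("ts"));
        f.put("Hostname", m.group("host"));
        f.put("Program Name", m.group("prog"));
        f.put("Log", m.group("msg"));
        return f;
    }

    /** Counts failed sshd password attempts per source address. */
    static Map<String, Integer> failuresBySource(List<String> lines) {
        Map<String, Integer> counts = new TreeMap<>();
        for (String line : lines) {
            Map<String, String> f = parse(line);
            if (f == null || !f.get("Program Name").equals("sshd")) continue;
            Matcher m = FAILED.matcher(f.get("Log"));
            if (m.matches()) counts.merge(m.group("ip"), 1, Integer::sum);
        }
        return counts;
    }

    public static void main(String[] args) {
        List<String> sample = List.of(   // first line is from the question, the rest are constructed
            "Apr 10 21:08:55 kali sshd[37727]: Failed password for root from 127.0.0.1 port 42035 ssh2",
            "Apr  1 03:12:09 web-01.example.org sshd[912]: Failed password for invalid user admin from 192.0.2.7 port 51122 ssh2",
            "Apr  1 03:12:11 web-01.example.org sshd[912]: Failed password for invalid user test from 192.0.2.7 port 51130 ssh2",
            "Apr  1 03:12:15 web-01.example.org CRON[1044]: pam_unix(cron:session): session opened for user root");
        parse(sample.get(0)).forEach((k, v) -> System.out.println(k + ": " + v));
        System.out.println(failuresBySource(sample));
    }
}
```

Lines that do not fit the header layout come back as `null` from `parse`, so a caller can log or count them separately.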
