I need to put a RegEX into an OpenNMS config file. I am trying to grab just the first IP address from a syslog message. The format is:
Sep 13 08:36:37 192.168.75.254 %ASA-4-106023: Deny tcp src outside:144.5.5.255/
56607 dst inside:192.168.75.102/23 by access-group "outside_access_in" [0x0, 0x0]
So far I have:
\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}
Which will grab all three of the IP addresses. How do I limit it to one?
In the NMS config file I need to fill in these lines:
forwarding-regexp="regex here"
matching-group-host="2"
matching-group-message="3"
So I need a regex that will put just the first IP into a group, while creating a group for the entire Syslog message
It seems you want
\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*([\s\S]*)
See the regex demo
Details
\b - a word boundary(\d{1,3}(?:\.\d{1,3}){3}) - Group 1:
\d{1,3} - 1 to 3 digits(?:\.\d{1,3}){3} - 3 occurrences of a dot and then 1 to 3 digits (\d{3})\s* - 0+ whitespaces([\s\S]*) - Group 2: any zero or more chars as many as possible (* is a greedy quantifier).