
Regex for openldap logs


I'm trying to build a regex to divide the OpenLDAP logs into different regex groups.

Logs:

620da112 conn=2871219 op=1 SRCH attr=extensionAttribute6
620da112 conn=2871220 fd=60 ACCEPT from IP=10.17.28.159:35708 (IP=0.0.0.0:19000)
620da112 conn=2871219 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
620da112 conn=2871219 op=2 UNBIND
620da112 conn=2871219 fd=52 closed
620da112 conn=2871220 fd=60 TLS established tls_ssf=256 ssf=256
620da112 conn=2871220 op=0 BIND dn="cn=admin,dc=ClinicalPortal" method=128

I need to create a regex where I divide each one into a group so that I can assign it to a variable, and then the remaining part after the operation (UNBIND, closed, TLS established, BIND...) to a different variable (e.g. tag=101 err=0 nentries=1 text= to a different variable). I have tried the following regex so far, but it doesn't work for all the lines, and it doesn't even give the last values (e.g. tag=101 err=0 nentries=1 text=) as a single group.

Expression:

function printMatch(line){

  const matchings = myRe.exec(line);
  console.log("Line --START");
  if(matchings !=null){
    for(var i=0;i<matchings.length;i++){
    console.log("Group "+i+":"+matchings[i]);
    }  
  } else {
    console.log("Line "+line+" do not match the REGEX");
  }
  console.log("Line --END");

}

const myRe = /^([A-Za-z[0-9]{8})\s([=A-Za-z[0-9]*)\s([=A-Za-z[0-9]*)\s([A-Z\s{1}]*)/g;
printMatch('620da112 conn=2871219 op=1 SRCH attr=extensionAttribute6');
printMatch('620da112 conn=2871220 fd=60 ACCEPT from IP=10.17.28.159:35708 (IP=0.0.0.0:19000)');
printMatch('620da112 conn=2871219 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=');
printMatch('620da112 conn=2871219 op=2 UNBIND');
printMatch('620da112 conn=2871220 fd=60 TLS established tls_ssf=256 ssf=256');
printMatch('620da112 conn=2871220 op=0 BIND dn="cn=admin,dc=ClinicalPortal" method=128');


Solution

  • "Is the OP looking for a tokenizing similar to this? ... /^(?<id>[a-zA-Z0-9]{8})\s+(?<conn>\w+=\S+)\s+(?<op>\w+=\S+)\s+(?<cmd>.*?)\s*(?<rest>\w+=.*)?$/gm" – Peter Seliger

    "Works like a charm!!! Could you please answer this one instead of a comment? Would like to accept it as an answer." – Pathfinder

    const multilineSample = `620da112 conn=2871219 op=1 SRCH attr=extensionAttribute6
    620da112 conn=2871220 fd=60 ACCEPT from IP=10.17.28.159:35708 (IP=0.0.0.0:19000)
    620da112 conn=2871219 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
    620da112 conn=2871219 op=2 UNBIND
    620da112 conn=2871219 fd=52 closed
    620da112 conn=2871220 fd=60 TLS established tls_ssf=256 ssf=256
    620da112 conn=2871220 op=0 BIND dn="cn=admin,dc=ClinicalPortal" method=128`;
    
    const regXNamedTokens =
      // see ... [https://regex101.com/r/k9mUPP/1]
      /^(?<id>[a-zA-Z0-9]{8})\s+(?<conn>\w+=\S+)\s+(?<op>\w+=\S+)\s+(?<cmd>.*?)\s*(?<rest>\w+=.*)?$/gm;
    
    console.log(
      'all match results ...',
      Array.from(
        multilineSample.matchAll(regXNamedTokens)
      )
    );
    console.log(
      'all results each with its mapped named capture group ...',
      Array.from(
        multilineSample.matchAll(regXNamedTokens)
      )
      .map(({ groups }) => groups)
    );