Solved: How to write regex for sourceip and des ip?

agnes1015 · ‎11-19-2014

how to separate source and destination ips on firewall statement such as below:

date time firewall: access-list network_in permitted udp source/d.d.d.d(p) -> des/d.d.d.d(p) hit-cnt 1 first hit

musskopf · ‎11-19-2014

You can start like this:

.+source\/(?P<source_ip>(\d{1,3}\.){3}\d{1,3})\((?P<source_port>\d+)\) -> des\/(?P<des_ip>(\d{1,3}\.){3}\d{1,3})\((?P<des_port>\d+)\)

I used some very simple expression to match the IP, feel free to change it... I also identified the port, if you wish to use

agnes1015 · ‎11-19-2014

it works!!! super thanks! 😄

musskopf · ‎11-19-2014

You can start like this:

.+source\/(?P<source_ip>(\d{1,3}\.){3}\d{1,3})\((?P<source_port>\d+)\) -> des\/(?P<des_ip>(\d{1,3}\.){3}\d{1,3})\((?P<des_port>\d+)\)

I used some very simple expression to match the IP, feel free to change it... I also identified the port, if you wish to use

How to write regex for sourceip and des ip?