Ad Widget

**vijayk** · 11-06-2023, 07:29

Script for multi line matching.

HTML Code:

const string = value;
var results = "";
const pattern = /User:\s([^ ]+\\[^ ]+)\n.*?\n*Source Network Address:\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/;

const matches = string.match(pattern);

if (matches) {
const domainUser = matches[1];
const networkAddress = matches[2];
results = domainUser + " " + networkAddress;
return results;
}

**PeterZielony** · 09-06-2023, 16:52

for domain\user you can use ([^ ]+\\[^ ]+)
not sure about multilane, it depends on what you want to do with this information really.

By the way, if you do 2nd regular expression AFTER 1st regular expression, it only works on the actual IP address. It's a chain of how you manipulate text. Eq:
String Gets to preprocessing: "Remote Desktop Services: Session logon succeeded: User: Domain\User Session ID: 23 Source Network Address: 192.168.0.10"
1st step regex: (eq: Source Network Address: (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})) so you left with "Source Network Address: 192.168.0.10" - and this is what it will pass to next step for preprocessing so info about domain\user is lost in 1st regex

Try maybe javascript? Or more complex reg expression.
Edit - more cleaner (again javascript):
For multiline you will have to break down each lane and add to the list and then filter each line with regex and output it to a variable.

Edit2:
Javascript but I haven't test it with multilane input - and probably it won't work anyway but you got starting point:

HTML Code:

const string = value;
var results = "";
const pattern = /User:\s([^ ]+\\[^ ]+).*?Source Network Address:\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/;

const matches = string.match(pattern);

if (matches) {
const domainUser = matches[1];
const networkAddress = matches[2];
results = domainUser + " " + networkAddress;
return results;
}

results:

Edit: dirty but you can get everything into single line (js) before like this:

HTML Code:

const string = value;
var singleLineString = "";
return singleLineString = string.replace(/\n/g, ' ');

So 1st java: get everything inline
2nd java: get info you need.

**vijayk** · 10-06-2023, 05:49

Peter,
Thanks for reply. Yes, the script not working with multi line value.
For single line works perfect. Let me check it for multi line.
Thanks for the script.

**Piotrekzielony** · 10-06-2023, 14:16

Alternatively, you cas set up trigger in task scheduler for this id and filter using xpath, pass values to some ps script for processing which also will send value to zabbix using zabbix_sender. You will have to setup item trapper for this.
this could be better if zabbix got too much preprocessing - but that all depends on your zabbix instance load.

**vijayk** · 11-06-2023, 05:38

Yes, already use it. I have made the PowerShell script which works fine as my requirement, but I need to setup it with zabbix template.
Please refer my blog http://vijaykumbhani.co.in for powershell script.

**vijayk** · 11-06-2023, 07:29

Script for multi line matching.

HTML Code:

const string = value;
var results = "";
const pattern = /User:\s([^ ]+\\[^ ]+)\n.*?\n*Source Network Address:\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/;

const matches = string.match(pattern);

if (matches) {
const domainUser = matches[1];
const networkAddress = matches[2];
results = domainUser + " " + networkAddress;
return results;
}

Ad Widget

Preprocessing regex expression for multiple line

Preprocessing regex expression for multiple line

Comment

Comment

Comment

Comment

Comment

Comment