-5

I have a log entry as follows:

{"TAGS":".source.s_net_unix","SOURCEIP":"1.2.3.4","PROGRAM":"sshd_ext","PRIORITY":"info","PID":"17825","MESSAGE":"Failed password for invalid user admin from 2.3.4.5 port 55327ssh2","HOST_FROM":"server1","HOST":"server1","FACILITY":"auth","DATE":"Dec  2 09:02:01.81220"}

I need to extract the "Failed Password" by looking for the "Message" in the string. How can I do this using String utilities or writing a regular expression?
Thanks in advance.

pri_dev
  • Unix would be best, I guess SED or AWK would be the fastest. Other than that, any approach would be fine: Java/JavaScript etc. – pri_dev Dec 02 '15 at 21:24
  • have a look at regex101.com and try ... – Marged Dec 02 '15 at 21:25
  • If that's the case, I'd say your question is either too broad (a complete answer would require listing how to solve this using every possible language/tool in existence) or it is opinion based (a good answer would require making a judgement call over which language/tool is best). You should ask your question targeting a specific technology (and tag it as such). If you want to know how to solve it using multiple technologies so that you can compare them, I would suggest asking the question multiple times--once per technology. However, it's still not great because it shows little effort. – Steven Doggart Dec 02 '15 at 21:39

1 Answer

2

First of all, why would you use REGEX on a parsable format? REGEX is a really powerful "weapon" when dealing with plain text, but there are more specialized tools and libraries for parsable formats. You can also check this.

In your case, I'm pretty sure that there is a JSON library for your programming language (some have JSON libs included by default).

If the JSON library doesn't seem like a good idea to you, you can try this regex:

MESSAGE":"([^"]*)"
Community
Gabriel Ciubotaru
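
The JSON-library route recommended in the answer, next to the answer's regex, as an added example that is not part of the original post. The log lines are constructed in the question's format, and `failed_logins` and `regex_messages` are names made up here; the second line carries a username containing a double quote, which JSON escapes as `\"`.

```python
import json
import re

# Constructed sample lines (hosts, PIDs and addresses are made up).
SAMPLE_LOG = r'''
{"PROGRAM":"sshd_ext","PID":"17825","MESSAGE":"Failed password for invalid user admin from 2.3.4.5 port 55327 ssh2","HOST":"server1","FACILITY":"auth"}
{"PROGRAM":"sshd_ext","PID":"17826","MESSAGE":"Failed password for invalid user a\"b from 2.3.4.5 port 55328 ssh2","HOST":"server1","FACILITY":"auth"}
{"PROGRAM":"sshd_ext","PID":"17827","MESSAGE":"Accepted publickey for deploy from 10.0.0.7 port 40022 ssh2","HOST":"server1","FACILITY":"auth"}
not json at all
'''

ANSWER_REGEX = re.compile(r'MESSAGE":"([^"]*)"')  # the regex from the answer

# Applied to the decoded MESSAGE text. The user group is greedy on purpose:
# the username is client-supplied, so the LAST "from <ip> port <n>" is the
# one sshd appended.
FAILED = re.compile(
    r'^Failed password for (?P<invalid>invalid user )?(?P<user>.*) '
    r'from (?P<ip>\S+) port (?P<port>\d+)'
)

def failed_logins(text):
    """Yield one dict per 'Failed password' event, decoding each line as JSON."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON record: skip instead of guessing
        msg = record.get("MESSAGE") if isinstance(record, dict) else None
        m = FAILED.match(msg) if isinstance(msg, str) else None
        if m:
            yield {"user": m["user"], "ip": m["ip"], "port": int(m["port"]),
                   "invalid_user": m["invalid"] is not None,
                   "pid": record.get("PID")}

def regex_messages(text):
    """What the answer's regex captures from the raw text, for comparison."""
    return ANSWER_REGEX.findall(text)

if __name__ == "__main__":
    for event in failed_logins(SAMPLE_LOG):
        print(event)
    for captured in regex_messages(SAMPLE_LOG):
        print(repr(captured))
```

On the second line the regex capture stops at the escaped quote and returns a truncated message ending in a backslash, while the JSON decoder returns the full message with the username `a"b`.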