0

I have output from a command that I am trying to parse to do a few things.

It looks like this and is saved as a text file:

Policy name: example-3 (lf-csd) (LINE 29907)

  Description: CHANGE00001
  Destination_addresses (8):
                              10.0.0.1/32 (                  10.0.0.1-lk-3r53) ( 3125)
                            10.0.0.8/32 (                10.0.0.8-test13) ( 3157)
                             10.0.0.3/32 (          10.0.0.3-gdgsd-cd) ( 2806)
                             10.0.0.9/32 (              10.0.0.9-fd-fdsb) ( 3123)

 Destination_address_sets (0):
  Source_addresses:
                              10.0.0.7/32 (              10.0.0.7-IR) ( 5989)

  Applications: tcp3389
  Then: permit

Policy name: example-4 (lfs-csd) (LINE 29907)

  Description: CHANGE00002
  Destination_addresses (3):
                              10.0.0.6/32 (                  10.0.0.1-lk-3r53) ( 3125)
                            10.0.0.2/32 (                10.0.0.8-test13) ( 3157)
                             10.0.0.53/32 (          10.0.0.3-gdgsd-cd) ( 2806)
                             10.0.0.94/32 (              10.0.0.9-fd-fdsb) ( 3123)

 Destination_address_sets (0):
  Source_addresses:
                              10.0.0.53/32 (              10.0.0.52-IR) ( 5989)

  Applications: tcp53
  Then: permit

I want to only leave this text:

 Source_addresses:
                              10.0.0.7/32 (              10.0.0.7-IR) ( 5989)

  Applications: tcp3389

Source_addresses:
                              10.0.0.53/32 (              10.0.0.52-IR) ( 5989)

  Applications: tcp53

Here is what I have written:

$reg = (?s)Destination_addresses(.*)Destination_address_sets
Get-Content 10.0.0.12.conf |
  ForEach-Object {$_ -replace "$reg","" } | 
  Out-File 10.0.0.12.conf

If I test this like:

$re = [regex]'(?s)Destination_addresses(.*)Destination_address_sets'

and use

$re.match("Destination_addresses Nothing Destination_address_sets :2142")

it matches as true with a value of Destination_addresses Nothing Destination_address_sets so I think the regex is close but it selects either too much or to little data.

I have also tried:

$stuff = Get-Content 10.0.0.12.conf
$trimmeddata = $stuff -replace "(?s)Destination_addresses(.*)Destination_address_sets", ""

I am probably missing something simple but any help would be great.

John McCabe
  • 15
  • 5

1 Answers1

0

I don't know powershell, but this stackoverflow shows that:

Powershell:

(Select-String -InputObject $myString -Pattern 'Source_addresses:(?:.|\n)*?Applications:.*\n' -AllMatches).Matches

May be the powershell you are looking for. As for the regex,

Regex:

https://regex101.com/r/hQ3pO4/2

(Source_addresses:(?:.|\n)*?Applications:.*\n)

shows that .* does not capture newlines, but (?:.|\n)*? does.

Explanation:

  • Source_addresses: - Literal match
  • (?:.|\n)*?
    • . - any character (not newline)
    • | - logical OR
    • \n - newline
    • *? - repeat as little as possible in order to satisfy the entire regex. (Until Applications: is matched)
  • Applications: - Literal match
  • .* - any character (not newline), greedy
  • \n - newline
Community
  • 1
  • 1
Bryce Drew
  • 5,777
  • 1
  • 15
  • 27