Regex DNS ANSWER SECTION into groups
I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.
This regex only extracts the last entry in the ANSWERS section:
(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)
This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION
(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)
my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?
logs:
2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 96
2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91
2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx
regex dns unbound
add a comment |
I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.
This regex only extracts the last entry in the ANSWERS section:
(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)
This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION
(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)
my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?
logs:
2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 96
2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91
2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx
regex dns unbound
See regex101.com/r/bJiZwA/1
– Wiktor Stribiżew
Jan 3 at 19:43
Thank you! that is prefect!
– remis4
Jan 3 at 20:01
This regex only extracts the last entry in the ANSWERS section:
What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?
– sln
Jan 3 at 20:23
within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.
– remis4
Jan 6 at 13:56
add a comment |
I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.
This regex only extracts the last entry in the ANSWERS section:
(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)
This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION
(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)
my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?
logs:
2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 96
2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91
2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx
regex dns unbound
I've been trying for a while to regex the fields from the ANSWERS SECTION in the unbound logs.
This regex only extracts the last entry in the ANSWERS section:
(?:ANSWERsSECTION:s(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)+s;;)
This entry extracts everything in the ANSWERS SECTION, but also leaks into the AUTHORITY SECTION
(?:(?<answer_name>S+)#011(?<answer_ttl>S+)#011(?<answer_class>S+)#011(?<answer_type>S+)#011(?<answer_rdata>S+)s)
my goal is to have each of the answers in a group. Any thoughts on how to limit the groups to the ANSWERS SECTION while still capturing repeating groups?
logs:
2019-01-02T17:34:19-05:00 10.10.30.1 unbound: [48511:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: gs-loc.ls-apple.com.akadns.net.#011IN#011A ;; ANSWER SECTION: gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.4 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.8 gs-loc.ls-apple.com.akadns.net.#01135#011IN#011A#01117.142.171.9 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 96
2019-01-02T17:34:42-05:00 10.10.30.1 unbound: [48511:0] info: cname msg ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: init-p01md.apple.com.#011IN#011A ;; ANSWER SECTION: init-p01md.apple.com.#0119665#011IN#011CNAME#011init-p01md-lb.push-apple.com.akadns.net. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 91
2019-01-02T18:52:01-05:00 10.10.30.1 unbound: [48511:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0 ;; QUESTION SECTION: amazonaws.com.#011IN#011DS ;; ANSWER SECTION: ;; AUTHORITY SECTION: xxxxxxxxxxxxxxxxxx.#01181254#011IN#011NSEC3#0111 1 0 - xxxxxxxxxxxxxxxxxxNS SOA RRSIG DNSKEY NSEC3PARAM ;{flags: optout} xxxxxxxxxxxxxxxxxx.com.#01181254#011IN#011RRSIG#011NSEC3 8 2 86400 20190107054258 20181231043258 37490 com. xxxxxxxxxxxxxxxxxx/2/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx= ;{id = 37490} com.#011884#011IN#011SOA#011a.gtld-servers.net. nstld.verisign-grs.com. 1546473084 1800 900 604800 86400 com.#011884#011IN#011RRSIG#011SOA 8 1 900 20190109235124 20190102224124 37490 com. xxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx
regex dns unbound
regex dns unbound
asked Jan 3 at 19:29
remis4remis4
154
154
See regex101.com/r/bJiZwA/1
– Wiktor Stribiżew
Jan 3 at 19:43
Thank you! that is prefect!
– remis4
Jan 3 at 20:01
This regex only extracts the last entry in the ANSWERS section:
What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?
– sln
Jan 3 at 20:23
within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.
– remis4
Jan 6 at 13:56
add a comment |
See regex101.com/r/bJiZwA/1
– Wiktor Stribiżew
Jan 3 at 19:43
Thank you! that is prefect!
– remis4
Jan 3 at 20:01
This regex only extracts the last entry in the ANSWERS section:
What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?
– sln
Jan 3 at 20:23
within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.
– remis4
Jan 6 at 13:56
See regex101.com/r/bJiZwA/1
– Wiktor Stribiżew
Jan 3 at 19:43
See regex101.com/r/bJiZwA/1
– Wiktor Stribiżew
Jan 3 at 19:43
Thank you! that is prefect!
– remis4
Jan 3 at 20:01
Thank you! that is prefect!
– remis4
Jan 3 at 20:01
This regex only extracts the last entry in the ANSWERS section:
What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?– sln
Jan 3 at 20:23
This regex only extracts the last entry in the ANSWERS section:
What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?– sln
Jan 3 at 20:23
within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.
– remis4
Jan 6 at 13:56
within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.
– remis4
Jan 6 at 13:56
add a comment |
1 Answer
1
active
oldest
votes
You may use
(?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)
See the regex demo
Details
(?:G(?!A)s*|ANSWERsSECTION:)
-ANSWER SECTION:
substring or the end of the previous match and 0+ whitespaces
s*
- 0+ whitespaces
(?<answer_name>S+)
- Group "answer_name": 1 or more non-whitespace chars
#011
- a literal substring
(?<answer_ttl>d+)
- Group "answer_ttl": 1 or more digits
#011
- a literal substring
(?<answer_class>w+)
- Group "answer_class": 1 or more word chars
#011
- a literal substring
(?<answer_type>w+)
- Group "answer_type": 1 or more word chars
#011
- a literal substring
(?<answer_rdata>S+)
- Group "answer_rdata": 1 or more non-whitespace chars.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54028637%2fregex-dns-answer-section-into-groups%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You may use
(?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)
See the regex demo
Details
(?:G(?!A)s*|ANSWERsSECTION:)
-ANSWER SECTION:
substring or the end of the previous match and 0+ whitespaces
s*
- 0+ whitespaces
(?<answer_name>S+)
- Group "answer_name": 1 or more non-whitespace chars
#011
- a literal substring
(?<answer_ttl>d+)
- Group "answer_ttl": 1 or more digits
#011
- a literal substring
(?<answer_class>w+)
- Group "answer_class": 1 or more word chars
#011
- a literal substring
(?<answer_type>w+)
- Group "answer_type": 1 or more word chars
#011
- a literal substring
(?<answer_rdata>S+)
- Group "answer_rdata": 1 or more non-whitespace chars.
add a comment |
You may use
(?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)
See the regex demo
Details
(?:G(?!A)s*|ANSWERsSECTION:)
-ANSWER SECTION:
substring or the end of the previous match and 0+ whitespaces
s*
- 0+ whitespaces
(?<answer_name>S+)
- Group "answer_name": 1 or more non-whitespace chars
#011
- a literal substring
(?<answer_ttl>d+)
- Group "answer_ttl": 1 or more digits
#011
- a literal substring
(?<answer_class>w+)
- Group "answer_class": 1 or more word chars
#011
- a literal substring
(?<answer_type>w+)
- Group "answer_type": 1 or more word chars
#011
- a literal substring
(?<answer_rdata>S+)
- Group "answer_rdata": 1 or more non-whitespace chars.
add a comment |
You may use
(?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)
See the regex demo
Details
(?:G(?!A)s*|ANSWERsSECTION:)
-ANSWER SECTION:
substring or the end of the previous match and 0+ whitespaces
s*
- 0+ whitespaces
(?<answer_name>S+)
- Group "answer_name": 1 or more non-whitespace chars
#011
- a literal substring
(?<answer_ttl>d+)
- Group "answer_ttl": 1 or more digits
#011
- a literal substring
(?<answer_class>w+)
- Group "answer_class": 1 or more word chars
#011
- a literal substring
(?<answer_type>w+)
- Group "answer_type": 1 or more word chars
#011
- a literal substring
(?<answer_rdata>S+)
- Group "answer_rdata": 1 or more non-whitespace chars.
You may use
(?:G(?!A)s*|ANSWERsSECTION:)s*(?<answer_name>S+)#011(?<answer_ttl>d+)#011(?<answer_class>w+)#011(?<answer_type>w+)#011(?<answer_rdata>S+)
See the regex demo
Details
(?:G(?!A)s*|ANSWERsSECTION:)
-ANSWER SECTION:
substring or the end of the previous match and 0+ whitespaces
s*
- 0+ whitespaces
(?<answer_name>S+)
- Group "answer_name": 1 or more non-whitespace chars
#011
- a literal substring
(?<answer_ttl>d+)
- Group "answer_ttl": 1 or more digits
#011
- a literal substring
(?<answer_class>w+)
- Group "answer_class": 1 or more word chars
#011
- a literal substring
(?<answer_type>w+)
- Group "answer_type": 1 or more word chars
#011
- a literal substring
(?<answer_rdata>S+)
- Group "answer_rdata": 1 or more non-whitespace chars.
answered Jan 3 at 20:13
Wiktor StribiżewWiktor Stribiżew
328k16148227
328k16148227
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54028637%2fregex-dns-answer-section-into-groups%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
See regex101.com/r/bJiZwA/1
– Wiktor Stribiżew
Jan 3 at 19:43
Thank you! that is prefect!
– remis4
Jan 3 at 20:01
This regex only extracts the last entry in the ANSWERS section:
What do you mean by this ? The regex matches 2 entries in the log. Isn't that what you want ?– sln
Jan 3 at 20:23
within the ANSWER SECTION, there can be multiple answers to the dns question. i want to extract each answer into groups, and more specifically, each portion of each answer into specific groups. the regex that solved it does this.
– remis4
Jan 6 at 13:56