Hello folks,
Can you help me extract an IP from this syslog message?
# Capture the second IP with the condition that it does not match these segments:
# 86.127.X.X or 79.116.X.X
{
:local ip1 "killing ike2 SA: ike2-peer 86.127.123.45[4500]-161.35.236.116[41372] spi:1f437655d5e822c2:314dde078ba2c8dd"
:local ip2 [:pick $ip1 ([:find $ip1 "]"]+2) 999]
:put [:pick $ip2 0 [:find $ip2 "["]]
}
Result:
161.35.236.116
I would only need to apply a condition so that it captures the IP as long as it does not match the segments 86.127.X.X or 79.116.X.X.
Thanks in advance.
BR.
simply add
literally… does not match 86.127.X.X or 79.116.X.X
:if ( !( ($varname~"^86.127.") or ($varname~"^79.116.") ) ) do={ }
Excuse me, would it be like this?
:if ( !( ($varname~"^86.127.") or ($varname~"^79.116.") ) ) do={
:local ip1 "killing ike2 SA: ike2-peer 86.127.123.45[4500]-161.35.236.116[41372] spi:1f437655d5e822c2:314dde078ba2c8dd"
:local ip2 [:pick $ip1 ([:find $ip1 "]"]+2) 999]
:put [:pick $ip2 0 [:find $ip2 "["]]
}
BR.
{
:local logstring "killing ike2 SA: ike2-peer 86.127.123.45[4500]-161.35.236.116[41372] spi:1f437655d5e822c2:314dde078ba2c8dd"
:local startpos ([:find $logstring "]-"] + 2)
:local temp [:pick $logstring $startpos [:len $logstring]]
:local endpos [:find $temp "["]
:local ip [:pick $temp 0 $endpos]
:if ( !( ($ip~"^86.127.") or ($ip~"^79.116.") ) ) do={
:put "IP is $ip"
} else={
:put "IP $ip is inside 86.127.x.x or 79.116.x.x range"
}
}
I already understand it! Thanks.
BR.
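The extraction and range check from the thread, as an added example that is not part of any post. It goes a little further than the posted script: it skips messages that lack the "]-IP[" part, and it tests the address with the subnet `in` operator instead of a regex, where an unescaped "." matches any character. The helper name `remoteIp` and every sample line except the first are constructed for illustration.

```routeros
{
    # Hypothetical helper: returns the remote (second) IP of an
    # "ike2-peer A[port]-B[port]" message, or "" when the message
    # does not have that shape.
    :local remoteIp do={
        :local startpos [:find $msg "]-"]
        :if ([:typeof $startpos] = "nil") do={ :return "" }
        :local temp [:pick $msg ($startpos + 2) [:len $msg]]
        :local endpos [:find $temp "["]
        :if ([:typeof $endpos] = "nil") do={ :return "" }
        :local candidate [:pick $temp 0 $endpos]
        # :toip yields nothing for text that is not an IPv4 address
        :if ([:typeof [:toip $candidate]] != "ip") do={ :return "" }
        :return $candidate
    }

    # First sample is the message from the thread; the others are constructed.
    :local samples [:toarray ""]
    :set samples ($samples, "killing ike2 SA: ike2-peer 86.127.123.45[4500]-161.35.236.116[41372] spi:1f437655d5e822c2:314dde078ba2c8dd")
    :set samples ($samples, "killing ike2 SA: ike2-peer 86.127.123.45[4500]-79.116.10.20[4500] spi:0000000000000001:0000000000000002")
    :set samples ($samples, "killing ike2 SA: ike2-peer 86.127.123.45[4500]-186.127.5.6[500] spi:0000000000000003:0000000000000004")
    :set samples ($samples, "ike2 negotiation failed with no peer address in this line")

    :foreach line in=$samples do={
        :local ip [$remoteIp msg=$line]
        :if ($ip = "") do={
            :put "skipped (no remote IP found): $line"
        } else={
            # Compare as a typed address against the two /16 ranges
            :local addr [:toip $ip]
            :if (($addr in 86.127.0.0/16) or ($addr in 79.116.0.0/16)) do={
                :put "IP $ip is inside 86.127.x.x or 79.116.x.x range"
            } else={
                :put "IP is $ip"
            }
        }
    }
}
```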