$re = '/(?P<pan_log_receive_time>\w{3}\s*\d+\s*\d+:\d+:\d+)\s+(?:[^,]*,){3}(?P<pan_log_type>THREAT),(?P<pan_log_subtype>[^,]*),(?:[^,]*,){2}(?P<pan_log_src>[^,]*),(?P<pan_log_dst>[^,]*),(?:[^,]*,){2}(?P<pan_threat_policy>[^,]*),(?P<pan_threat_srcuser>[^,]*),(?:[^,]*),(?P<pan_threat_app>[^,]*),(?P<pan_threat_vsys>[^,]*),(?P<pan_threat_srczone>[^,]*),(?P<pan_threat_dstzone>[^,]*),(?P<pan_threat_inbound_if>[^,]*),(?P<pan_threat_outbound_if>[^,]*),(?:[^,]*,){4}(?P<pan_log_sport>[^,]*),(?P<pan_log_dstport>[^,]*),(?:[^,]*,){3}(?P<proto>[^,]*),(?P<action>[^,]*),"(?P<url>[^"]*)",\((?P<threat_id>\d+)\),(?P<cat>[^,]*),(?P<sev>[^,]*)/m';
$str = '<14>Jul 4 18:56:24 - 1,2018/07/04 18:56:24,010401007075,THREAT,url,0,2018/07/04 18:56:24,212.252.96.87,88.255.40.30,212.252.96.87,172.16.0.153,mail.sayistay.gov.tr,,,ssl,vsys1,Untrust-Zone,DMZ-1-Zone,ethernet1/1,ethernet1/6,SAY-Log-Forwarding-Profile,2018/07/04 18:56:24,401373,1,34538,443,34538,443,0x40f000,tcp,alert,"mail.sayistay.gov.tr/",(9999),URL-Allow-List,informational,client-to-server,257394,0x8000000000000000,Turkey,Turkey,0,,0,,,0,,,,,,,,0,0,0,0,0,,INT-FW-2,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0ESC[0m';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
// Print the entire match result
var_dump($matches);
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php