const regex = /<AUDT:INFO>.(?<date>\d+.\d+.\d+) (?:\d+:\d+:\d+) (?:\d+.\d+.\d+.\d+) (?:.*(?<subject>Failed 'Active Directory' login attempt)(?:.\w+.\w+)(?<impacteduser>.*?'\W))\w+.\w+.\w+.\w+.'(?<sip>.\d+.\d+.\d+.\d+)'/gm;
// Alternative syntax using RegExp constructor
// const regex = new RegExp('<AUDT:INFO>.(?<date>\\d+.\\d+.\\d+) (?:\\d+:\\d+:\\d+) (?:\\d+.\\d+.\\d+.\\d+) (?:.*(?<subject>Failed \'Active Directory\' login attempt)(?:.\\w+.\\w+)(?<impacteduser>.*?\'\\W))\\w+.\\w+.\\w+.\\w+.\'(?<sip>.\\d+.\\d+.\\d+.\\d+)\'', 'gm')
const str = `08 20 2020 11:18:08 10.72.1.17 <AUDT:INFO> 2020-08-20 11:17:12 10.72.1.17 Passwordstate: Failed 'Active Directory' login attempt for UserID 'fakedoamin\\FakeUser' from the IP Address '10.72.1.231'. Possible incorrect Username or Password, or this could also be caused by restricted Logon Hours in Active Directory. Client IP Address = 10.72.1.231
08 21 2020 08:32:25 10.72.1.17 <AUDT:INFO> 2020-08-21 08:31:58 10.72.1.17 Passwordstate: Successful Active Directory login for UserID 'fakedoamin\\FakeUser' from the IP Address '10.72.1.17'. Client IP Address = 10.14.1.93
`;
// Reset `lastIndex` if this regex is defined globally
// regex.lastIndex = 0;
let m;
while ((m = regex.exec(str)) !== null) {
// This is necessary to avoid infinite loops with zero-width matches
if (m.index === regex.lastIndex) {
regex.lastIndex++;
}
// The result can be accessed through the `m`-variable.
m.forEach((match, groupIndex) => {
console.log(`Found match, group ${groupIndex}: ${match}`);
});
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for JavaScript, please visit: https://developer.mozilla.org/en/docs/Web/JavaScript/Guide/Regular_Expressions