# coding=utf8
# the above tag defines encoding for this document and is for Python 2.x compatibility
import re
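# Extract date, alert subject, targeted account and source IP from Passwordstate
# "Failed 'Active Directory' login attempt" audit lines.
#
# Python's `re` spells named groups `(?P<name>...)`; the PCRE/.NET form
# `(?<name>...)` raises re.error when the pattern is compiled.
#
# Pattern caveats when reusing this for detection:
#   * every unescaped `.` is a wildcard, so the date and IP sub-patterns accept
#     any separator character, not only `-` and `.`;
#   * `impacteduser` captures the quoted UserID together with the surrounding
#     space and quote characters, so strip them before comparing account names.
# NOTE(review): the UserID text presumably comes from whatever was typed at the
# login prompt (confirm). If so, quote characters inside it can shift where the
# groups end, so validate `impacteduser` and `sip` (for example with the
# `ipaddress` module) before alerting or blocking on them.
regex = (
    r"<AUDT:INFO>.(?P<date>\d+.\d+.\d+) (?:\d+:\d+:\d+) (?:\d+.\d+.\d+.\d+) "
    r"(?:.*(?P<subject>Failed 'Active Directory' login attempt)"
    r"(?:.\w+.\w+)(?P<impacteduser>.*?'\W))"
    r"\w+.\w+.\w+.\w+.'(?P<sip>.\d+.\d+.\d+.\d+)'"
)

# Two sample syslog lines: one failed login (expected to match) and one
# successful login (expected not to match).
test_str = ("08 20 2020 11:18:08 10.72.1.17 <AUDT:INFO> 2020-08-20 11:17:12 10.72.1.17 Passwordstate: Failed 'Active Directory' login attempt for UserID 'fakedoamin\\FakeUser' from the IP Address '10.72.1.231'. Possible incorrect Username or Password, or this could also be caused by restricted Logon Hours in Active Directory. Client IP Address = 10.72.1.231\n\n"
            "08 21 2020 08:32:25 10.72.1.17 <AUDT:INFO> 2020-08-21 08:31:58 10.72.1.17 Passwordstate: Successful Active Directory login for UserID 'fakedoamin\\FakeUser' from the IP Address '10.72.1.17'. Client IP Address = 10.14.1.93\n\n")

# The pattern has no ^ or $ anchors, so re.MULTILINE does not change what
# matches; it is kept to mirror the original call.
matches = re.finditer(regex, test_str, re.MULTILINE)

for match_num, match in enumerate(matches, start=1):
    print("Match {matchNum} was found at {start}-{end}: {match}".format(
        matchNum=match_num,
        start=match.start(),
        end=match.end(),
        match=match.group(),
    ))

    # Capture groups are numbered from 1; group 0 is the whole match.
    for group_num in range(1, len(match.groups()) + 1):
        print("Group {groupNum} found at {start}-{end}: {group}".format(
            groupNum=group_num,
            start=match.start(group_num),
            end=match.end(group_num),
            group=match.group(group_num),
        ))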
# Note: for Python 2.7 compatibility, use ur"" to prefix the regex and u"" to prefix the test string and substitution.