use strict;
my $str = '<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It\'s time to make the do-nuts.
<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM\'su root\' failed for lonvick on /dev/pts/8
<190>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="10\\] 11"] BOMAn application event log entry..[ ] sadasd
<25>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]
<1>12 - mymachine - - ID47 - asd asdaasd';
my $regex = qr/(?#regexp & naming based on RFC5424)
^<(?<priority>\d|\d{2}|1[1-8]\d|19[01])>(?<version>\d{1,2})\s
(?<timestamp>-|(?<fullyear>[12]\d{3})-(?<month>0\d|[1][012])-(?<mday>[012]\d|3[01])T(?<hour>[01]\d|2[0-4]):(?<minute>[0-5]\d):(?<second>[0-5]\d|60)(?#60seconds can be used for leap year!)(?:\.(?<secfrac>\d{1,6}))?(?<numoffset>Z|[+-]\d{2}:\d{2})(?#=timezone))\s
(?<hostname>[\S]{1,255})\s
(?<appname>[\S]{1,48})\s
(?<procid>[\S]{1,128})\s
(?<msgid>[\S]{1,32})\s
(?<structureddata>-|(?:\[.+?(?<!\\)\])+)
(?:\s(?<msg>.+))?$/mxp;
if ( $str =~ /$regex/g ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html