import java.util.regex.Matcher;
import java.util.regex.Pattern;
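/**
 * Runs a log-matching regular expression against one sample Windows Security
 * event (EventCode 4625, "An account failed to log on") and prints every match.
 *
 * <p>The expression is an alternation, so each branch matches independently:
 * an {@code EventCode = 4625} field, or a {@code Caller Process Name} line that
 * mentions {@code svchost.exe}. A hit on one branch says nothing about the other.
 */
public class Example {
    /**
     * Compiles the pattern, scans the embedded sample event, and prints each match.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // The dot in "svchost.exe" is escaped so it only matches a literal '.'.
        // Unescaped, it matches any character, so names such as "svchost_exe" or
        // "svchostXexe" would also be reported as svchost.exe.
        //
        // NOTE(review): the second branch matches on the file name anywhere in the
        // line; it does not check the directory. A detection that needs the genuine
        // system binary should compare the whole path, not just the name.
        //
        // (?m) is kept from the original expression; it has no effect here because
        // the pattern contains no ^ or $ anchors.
        final String regex = "(?m)EventCode\\s*=\\s*4625|Caller Process Name.*svchost\\.exe";
        final String string = "02/11/2020 11:51:38 AM\n"
                + "LogName=Security\n"
                + "SourceName=Microsoft Windows security auditing.\n"
                + "EventCode=4625\n"
                + "EventType=0\n"
                + "Type=Information\n"
                + "ComputerName=MelissaNBT3RG22\n"
                + "TaskCategory=Logon\n"
                + "OpCode=Info\n"
                + "RecordNumber=40702\n"
                + "Keywords=Audit Failure\n"
                + "Message=An account failed to log on.\n\n"
                + "Subject:\n"
                + " Security ID: S-1-5-18\n"
                + " Account Name: MELISSANBT3RG22$\n"
                + " Account Domain: WORKGROUP\n"
                + " Logon ID: 0x3E7\n\n"
                + "Logon Type: 2\n\n"
                + "Account For Which Logon Failed:\n"
                + " Security ID: S-1-0-0\n"
                + " Account Name: MNesavich\n"
                + " Account Domain: MELISSANBT3RG22\n\n"
                + "Failure Information:\n"
                + " Failure Reason: Unknown user name or bad password.\n"
                + " Status: 0xC000006D\n"
                + " Sub Status: 0xC000006A\n\n"
                + "Process Information:\n"
                + " Caller Process ID: 0x848\n"
                + " Caller Process Name: C:\\Windows\\System32\\svchost.exe\n\n"
                + "Network Information:\n"
                + " Workstation Name: MELISSANBT3RG22\n"
                + " Source Network Address: 127.0.0.1\n"
                + " Source Port: 0\n\n"
                + "Detailed Authentication Information:\n"
                + " Logon Process: User32 \n"
                + " Authentication Package: Negotiate\n"
                + " Transited Services: -\n"
                + " Package Name (NTLM only): -\n"
                + " Key Length: 0\n\n"
                + "This event is generated when a logon request fails. It is generated on the computer where access was attempted.\n\n"
                + "The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\n"
                + "The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).\n\n"
                + "The Process Information fields indicate which account and process on the system requested the logon.\n\n"
                + "The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.\n\n"
                + "The authentication information fields provide detailed information about this specific logon request.\n"
                + " - Transited services indicate which intermediate services have participated in this logon request.\n"
                + " - Package name indicates which sub-protocol was used among the NTLM protocols.\n"
                + " - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.";

        final Pattern pattern = Pattern.compile(regex);
        final Matcher matcher = pattern.matcher(string);

        while (matcher.find()) {
            System.out.println("Full match: " + matcher.group(0));
            // The pattern defines no capturing groups, so groupCount() is 0 and this
            // loop prints nothing; it starts reporting groups if any are added.
            for (int i = 1; i <= matcher.groupCount(); i++) {
                System.out.println("Group " + i + ": " + matcher.group(i));
            }
        }
    }
}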