// include the latest version of the regex crate in your Cargo.toml
extern crate regex;
use regex::Regex;
fn main() {
let regex = Regex::new(r#"^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) date=(?<forti_date>[^ ]*) time=(?<forti_time>[^ ]*) devname=(?<dev_name>[^ ]*) device_id=(?<dev_id>[^ ]*) log_id=(?<log_id>[^ ]*) type=(?<type>[^ ]*) subtype=(?<subtype>[^ ]*) pri=(?<pri>[^ ]*) vd=(?<vd>[^ ]*) src=(?<src>[^ ]*) src_port=(?<src_port>[^ ]*) src_int="(?<src_int>[^ ]*)" dst=(?<dst>[^ ]*) dst_port=(?<dst_port>[^ ]*) dst_int="(?<dst_int>[^ ]*)" SN=(?<SN>[^ ]*) status=(?<status>[^ ]*) policyid=(?<policy_id>[^ ]*) dst_country="(?<dst_country>[^ ]*)" src_country="(?<src_country>[^ ]*)" service=(?<service>[^ ]*) proto=(?<proto>[^ ]*) duration=(?<duration>[^ ]*) sent=(?<sent>[^ ]*) rcvd=(?<rcvd>[^ ]*)$"#).unwrap();
let string = "Jan 10 06:00:00 date=2016-01-10 time=05:59:59 devname=CNTFI1-FG3040B-02-01 device_id=FG3K0D3I11700008 log_id=0038000004 type=traffic subtype=other pri=notice vd=VDOM1 src= src_port=24687 src_int=\"VLAN889\" dst= dst_port=1433 dst_int=\"VLAN807\" SN=3504861876 status=start policyid=4816 dst_country=\"Reserved\" src_country=\"Reserved\" service=MS-SQL proto=6 duration=0 sent=0 rcvd=0";
// result will be a tuple containing the start and end indices for the first match in the string
let result = regex.captures(string);
let (start, end) = match result {
Some((s, e)) => (s, e),
None => {
// ...
println!("{}", &string[start, end]);
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Rust, please visit: https://docs.rs/regex/latest/regex/