// include the latest version of the regex crate in your Cargo.toml
extern crate regex;
use regex::Regex;
fn main() {
let regex = Regex::new(r"Audit (?P<audit_outcome>Success|Failure),(?P<log_date>.*)\s+(?P<log_time>.*),Microsoft-Windows-Security-Auditing,(?P<event_id>\d+),(?P<category>.*),(?P<event_message>.*)\s+Subject:\s+Security ID:\s+(?P<subject_security_id>.*)\s+Account Name:\s+(?P<subject_account_name>.*)\s+Account Domain:\s+(?P<subject_account_domain>.*)\s+Logon ID:\s+(?P<subject_logon_id>.*)\s+Process Information:\s+Process ID:\s+(?P<PI_process_id>.*)\s+Name:\s+(?P<PI_name>.*)\s+Previous Time:\s+(?P<previous_time>.*)\s+New Time:\s+(?P<new_time>.*)\s+(?P<audit_message>.*)").unwrap();
let string = "Audit Success,29/08/2017 09:42:50,Microsoft-Windows-Security-Auditing,4616,Security State Change,\"The system time was changed.
Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5
Process Information:
Process ID: 0x3e8
Name: C:\\Windows\\System32\\svchost.exe
Previous Time: 2017-08-29T01:42:49.858143700Z
New Time: 2017-08-29T01:42:49.520000000Z
This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.\"";
// result will be an iterator over tuples containing the start and end indices for each match in the string
let result = regex.captures_iter(string);
for mat in result {
println!("{:?}", mat);
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Rust, please visit: https://docs.rs/regex/latest/regex/