package main
import (
"regexp"
"fmt"
)
func main() {
var re = regexp.MustCompile(`(?:rd|ed|USER=|disconnected by|closed)\s?(?:for)?\s?(?:invalid\suser\s)?(?<user>\w+)`)
var str = `Sat Jun 03 2017 22:53:03 cisco_router1 sshd[4926]: Failed password for invalid user info from 2.229.4.58 port 4509 ssh2
Sat Jun 03 2017 22:55:37 cisco_router1 sshd[3720]: Failed password for peevish from 2.229.4.58 port 1299 ssh2
Sat Jun 03 2017 22:54:09 cisco_router1 sshd[15833]: pam_unix(sshd:session): session opened for user nsharpe by (uid=0)
Tue Jul 04 2017 16:59:10 cisco_router1 sshd[64913]: pam_unix(sshd:session): session closed for user nsharpe by (uid=0)
Tue Jul 04 2017 14:21:40 cisco_router1 su: pam_unix(su:session): session closed for user root
Sat Jun 03 2017 22:55:13 cisco_router1 sshd[1952]: Accepted password for djohnson from 10.3.10.46 port 1182 ssh2
Sat Jun 03 2017 22:55:37 cisco_router1 sudo: myuan ; TTY=pts/0 ; PWD=/home/myuan ; USER=root ; COMMAND=/bin/su
Tue Jul 04 2017 16:59:10 cisco_router1 sshd[59602]: Received disconnect from 10.2.10.163 11: disconnected by user
Tue Jul 04 2017 16:59:10 cisco_router1 sshd[59602]: Received disconnect from 10.2.10.163 11: disconnected by user
`
for i, match := range re.FindAllString(str, -1) {
fmt.Println(match, "found at index", i)
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Golang, please visit: https://golang.org/pkg/regexp/