package main
import (
"regexp"
"fmt"
)
func main() {
var re = regexp.MustCompile(`(?P<date>\S{3}\s\d{1,3}\s\d{2}\:\d{2}\:\d{2})\s(?P<device>\S+)\s\S\=(?P<src>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\:\s\S\=\"(?P<user>.*?)\"\s\S\=\d+\s\S\=\S\s\S\=\d+\s\S\=\d+\s\S+\=\d\s\S{1,3}\=.*?type=\".*?\"\s.*?meth=(?P<type>\S+)\s\S+\=\"(?P<url>.*?)\"\s\S{2}\=\"(?P<agent>.*?)\"\s\S{1,3}\=\"(?P<url2>.*?)dom\=\"(?P<domain>.*?)\".*?target_ip\=\"(?P<dest>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\".*`)
var str = []byte(`Oct 18 06:27:03 WS2000.wnins.com h=172.16.20.74: u="WNINS\\rehetzel" s=200 X=+ t=1445149621 T=44767 Ts=0 act=1 cat="0x2200000008" app="-" rsn=- threat="-" type="image/jpeg" ctype="image/jpeg" sav-ev=- sav-dv=- uri-dv=- cache=- in=471 out=990 meth=GET ref="http://www.techrepublic.com/blog/the-enterprise-cloud/how-do-i-assign-permissions-to-users-to-see-sql-agent-jobs/" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36" req="GET http://d.pzkysq.pink/5ET3nslK.jpg?z=715211411411 HTTP/1.1" dom="pzkysq.pink" filetype="-" rule="0" filesize=518 axtime=0.000455 fttime=0.000043 scantime=- src_cat="0x2000000008" labs_cat="0x2000000008" dcat_prox="-" target_ip="204.93.43.48" labs_rule_id="0" reqtime=0.000 adtime=0.000000 ftbypass=- os=Windows authn=17 auth_by=ntlm dnstime=0.000009 quotatime=-`)
var substitution = []byte("")
var count = 1 // negative counter is equivalent to global case (replace all)
str = re.ReplaceAllStringFunc(str, func(s string) string {
if count == 0 {
return s
}
count -= 1
return re.ReplaceAllString(s, substitution)
})
fmt.Println(string(str))
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Golang, please visit: https://golang.org/pkg/regexp/