0

First of all, English is not mu native language, so if I make a mistake don't shoot me. :) Here's my problem: when I use every thing works fine, as soon as there is a port number or a comma direct after the IP-address is involved, it never has a match.

Here is a snippit from the logfile:

[08/Apr/2023 17:48:27] SMTP Spam attack detected from 91.223.169.83:60616, client sent data before SMTP greeting

In the above snippit you see the ip-address followed by colon, the port number and a comma. If I use < HOST > it doesn't match because (IMHO) of the colon, port number and comma. How do I construct a regex so that it matches only the IP-address?

Sometimes it's also like 1.2.3.4, so a comma following the IP-address.

Thanks in advance for your help. Storm

Storm
  • 1
  • 1

1 Answers1

0

i was able to do that by below string

Regex

\(<HOST>:\d+\)

My complete Regex

^Registration from '(?:[^']*|.*?)' failed for \(<HOST>:\d+\) - Wrong password
Mansur Ul Hasan
  • 262
  • 3
  • 9
  • Hi markalex, thanks for your respons. Could you please clarify how it works. As far as I know the "\" is an escape character, so you can use the "(" as a normal character. If that's true then wath does "\d+" mean. As you can see, I'm not the brightest start in regex :) . – Storm Apr 24 '23 at 13:58