I didn't articulate my question properly. I'm having no trouble (thanks to
everyone) extracting the ip addresses.
My last question was how to just move the ip address at the end to the
beginning of the line like:
[Tue Jul 26 19:13:40.922101 2022] [qos:error] [pid 1197:tid 47464083257088]
mod_qos(034): access denied, QS_SrvMinDataRate rule (in:0): min=158, this
connection=0, c=67.86.3.124
to
67.86.3.124 [Tue Jul 26 19:13:40.922101 2022] [qos:error] [pid 1197:tid
47464083257088] mod_qos(034): access denied, QS_SrvMinDataRate rule (in:0):
min=158, this connection=0, c=
On Wed, Jul 27, 2022 at 4:10 PM Rod Buchanan <li...@sofstats.com> wrote:
>
> Find:
>
> ^.*?(c=(\d+\.){3}\d+).*$
>
> Replace:
>
> \1
>
> This will delete everything on the line except "c=IP address".
>
> HTH,
>
>
> On Jul 27, 2022, at 10:22 AM, DiBello Design <dibellodes...@gmail.com>
> wrote:
>
> thanks everyone! Trying to find patterns in a SlowLoris attack on my
> server.
>
> Rod you were correct in that I did not know about the quadded item in the
> menu. And your suggestion worked as well. Thanks.
>
> Instead of extracting, how would I move the ip addresses from the end of
> the line to the beginning.
>
>
>
> On Wed, Jul 27, 2022 at 10:38 AM Rod Buchanan <li...@sofstats.com> wrote:
>
>>
>> ICYDNK there is a built-in search pattern for IP addresses.
>>
>> In the Find dialog click the lowercase "g" dropdown and select "Dotted
>> Quad":
>>
>> (\d+\.){3}\d+
>>
>> Modify it:
>>
>> (c=(\d+\.){3}\d+)
>>
>> Then click "Extract" as Kjetil suggested.
>>
>>
>> On Jul 26, 2022, at 7:55 PM, DiBello Design <dibellodes...@gmail.com>
>> wrote:
>>
>> greetings. Newbe trying to extract ip addresses from a log file.
>>
>> Ip addresses are all different. They are at the end of each line with a
>> c= preface. like c=38.133.119.165
>>
>> the actual lines look like this:
>>
>> [Tue Jul 26 19:09:37.658083 2022] [qos:error] [pid 1197:tid
>> 47464083257088] mod_qos(034): access denied, QS_SrvMinDataRate rule (in:0):
>> min=246, this connection=0, c=70.160.126.199
>> [Tue Jul 26 19:09:37.711177 2022] [qos:error] [pid 1330:tid
>> 47464083257088] mod_qos(034): access denied, QS_SrvMinDataRate rule (in:0):
>> min=246, this connection=0, c=38.133.119.165
>>
>> how do I remove everything from the line except c=xx.xx.xx.xx ?
>>
>> --
>> This is the BBEdit Talk public discussion group. If you have a feature
>> request or need technical support, please email "supp...@barebones.com"
>> rather than posting here. Follow @bbedit on Twitter: <
>> https://twitter.com/bbedit>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "BBEdit Talk" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to bbedit+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/bbedit/959c2444-b493-492f-b824-7f0278a2b468n%40googlegroups.com
>> <https://groups.google.com/d/msgid/bbedit/959c2444-b493-492f-b824-7f0278a2b468n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>>
>> --
>> This is the BBEdit Talk public discussion group. If you have a feature
>> request or need technical support, please email "supp...@barebones.com"
>> rather than posting here. Follow @bbedit on Twitter: <
>> https://twitter.com/bbedit>
>> ---
>> You received this message because you are subscribed to a topic in the
>> Google Groups "BBEdit Talk" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/bbedit/RxzJ-7VG7aE/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> bbedit+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/bbedit/6D9A2221-3943-4FF1-B946-7207FE2E04BF%40sofstats.com
>> <https://groups.google.com/d/msgid/bbedit/6D9A2221-3943-4FF1-B946-7207FE2E04BF%40sofstats.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
> --
> Rick DiBello
>
> DiBello Design
> dibellodesign.com
>
> Erie Internet
> erieinternet.com
>
>
> --
> This is the BBEdit Talk public discussion group. If you have a feature
> request or need technical support, please email "supp...@barebones.com"
> rather than posting here. Follow @bbedit on Twitter: <
> https://twitter.com/bbedit>
> ---
> You received this message because you are subscribed to the Google Groups
> "BBEdit Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to bbedit+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/bbedit/CADU6VFOWUwWv2hXPA%2BBv62NCKeXmDvUKsOHXasFCx_v4GxgZow%40mail.gmail.com
> <https://groups.google.com/d/msgid/bbedit/CADU6VFOWUwWv2hXPA%2BBv62NCKeXmDvUKsOHXasFCx_v4GxgZow%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
>
> --
> This is the BBEdit Talk public discussion group. If you have a feature
> request or need technical support, please email "supp...@barebones.com"
> rather than posting here. Follow @bbedit on Twitter: <
> https://twitter.com/bbedit>
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "BBEdit Talk" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/bbedit/RxzJ-7VG7aE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> bbedit+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/bbedit/116AB50E-C6EA-411D-8B41-F1B4FA3BE681%40sofstats.com
> <https://groups.google.com/d/msgid/bbedit/116AB50E-C6EA-411D-8B41-F1B4FA3BE681%40sofstats.com?utm_medium=email&utm_source=footer>
> .
>
--
Rick DiBello
DiBello Design
dibellodesign.com
Erie Internet
erieinternet.com
--
This is the BBEdit Talk public discussion group. If you have a feature request
or need technical support, please email "supp...@barebones.com" rather than
posting here. Follow @bbedit on Twitter: <https://twitter.com/bbedit>
---
You received this message because you are subscribed to the Google Groups
"BBEdit Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to bbedit+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/bbedit/CADU6VFMAiLZzm3Zp_aoR7F6mpqgRxMEMNrwpa7pKRvoV9bGRbw%40mail.gmail.com.
