Accounting for white space in the capture group

Question

Accounting for white space in the capture group

I have a regular expression that captures the group security identifier from the Windows Down-Level format. It splits part of the domain only to capture the subsequent identifier after "\"

Regex: Group:\s+Security\s+ID:\s+.*?\\([^ ]+)

Group:  Security ID:  CORP\VirtualUsers (match success)

However, if there is a space in the group name, it does not match properly. It only matches "VM"

Group:  Security ID:  CORP\VM Admins

How can I combine any scenario, is there a space or not? Here is a link to my use case - https://regex101.com/r/gzFe0J/1

+4

java regex

Heisenberg Feb 15 '17 at 23:33

source share

4 answers

, , :

Group:\s+Security\s+ID:\s+.*?\\(.*)Group Name

+2

Mithilesh Gupta 15 . '17 23:43

:

Group:.+?\\\\((?:(?![ ]{2,}).)+)

. .

( Java):

Group:.+?\\\\         # looks for "Group:", anything lazily afterwards
                    # until a backslash
((?:(?![ ]{2,}).)+) # neg. lookahead, not two spaces consecutively

+2

Jan 15 . '17 23:45

regex :
Group:\s+Security\s+ID:\s+.*?\\([^ ]+)
:
Group:\s+Security\s+ID:\s+.*?\\(\w+ ?\w+)
.

(\w+ ?\w+) one word, whitespace, second word, .

. , ?

?

0

Shakiba Moshiri 16 . '17 12:28

Wiktor Stribiżew · Accepted Answer · 2017-02-15T23:46:12+0000

Group Name: Account Name:, Group: Security ID: DOMAIN\ Group Name:/Account Name::

Group:\s+Security\s+ID:\s+[^\\]*\\(.+?)\s+(?:Group|Account)\s+Name:

regex. [^\\]* , \, \, \\ \ (.+?) 1+ Group Name: Account Name:.

, -, \S+(?: \S+)*, lookahead:

Group:\s+Security\s+ID:\s+[^\\]*\\(\S+(?: \S+)*)

- regex

. Java-:

String str = "<13>Jan 09 12:33:50 TESTSRV1 AgentDevice=WindowsLog    AgentLogFile=Security    PluginVersion=7.2.4.86    Source=Microsoft-Windows-Security-Auditing    Computer=corp.devnet.com    OriginatingComputer=TESTSRV1    User=    Domain=    EventID=4755    EventIDCode=4755    EventType=8    EventCategory=13826    RecordNumber=1244048130    TimeGenerated=1483983229    TimeWritten=1483983229    Level=0    Keywords=0    Task=0    Opcode=0    Message=A security-enabled universal group was changed.  Subject:  Security ID:  CORP\\TESTUSR1  Account Name:  TESTUSR1  Account Domain:  CORP  Logon ID:  0x220f7a57  Group:  Security ID:  CORP\\Virtual Users  Group Name:  VirtualUsers  Group Domain:  CORP  Changed Attributes:  SAM Account Name: -  SID History:  -  Additional Information:  Privileges:  -";
Pattern ptrn = Pattern.compile("Group:\\s+Security\\s+ID:\\s+[^\\\\]*\\\\(.+?)\\s+(?:Account|Group)\\s+Name:");
Matcher matcher = ptrn.matcher(str);
while (matcher.find()) {
    System.out.println(matcher.group(1));
}

Accounting for white space in the capture group

More articles: