Here is the data I am trying to parse. I actually want to extract a number of fields but cannot figure out how to parse through the {0d}{0a}{20}s. For this question, what regex will pull out **"Microsoft-IIS/8.5"**?
May 16 06:56:02 75-vw-win7ns.net-10-1-3.dhcp.company.org pvs: 10.x.x.x:46168|10.y.y.y:80|6|6852|HTTP 4xx Detection (Client)|4{00}E{00}2{00}6{00}8{00}C{00}6{00}F{00}<{00}/{00}P{00}r{00}o{00}p{00}e{00}r{00}t{00}y{00}>{00}<{00}/{00}H{00}o{00}o{00}k{00}2{00}>{00}<{00}/{00}H{00}o{00}o{00}k{00}s{00}>{00}<{00}P{00}a{00}y{00}l{00}o{00}a{00}d{00}{20}{00}T{00}y{00}p{00}e{00}={00}"{00}i{00}n{00}l{00}i{00}n{00}e{00}"{00}/{00}>{00}<{00}T{00}a{00}r{00}g{00}e{00}t{00}H{00}o{00}s{00}t{00}>{00}D{00}T{00}-{00}S{00}C{00}C{00}M{00}P{00}R{00}O{00}D{00}0{00}1{00}.{00}A{00}D{00}.{00}S{00}F{00}G{00}|HTTP/1.1{20}401{20}Unauthorized{0d}{0a}Content-Type:{20}text/html{0d}{0a}Server:{20}Microsoft-IIS/8.5{0d}{0a}WWW-Authenticate:{20}Negotiate{0d}{0a}WWW-Authenticate:{20}NTLM{0d}{0a}X-Powered-By:{20}ASP.NET{0d}{0a}Date:{20}Mon,{20}16{20}May{20}2016{20}13:55:59{20}GMT{0d}{0a}Content-Length:{20}1293{0d}{0a}{0d}{0a}{0d}{0a}{00}{0d}{00}{0a}{00}{09}{00}<{00}I{00}D{00}>{00}{{00}4{00}2{00}7{00}D{00}C{00}1{00}C{00}C{00}-{00}1{00}0{00}7{00}4{00}-{00}4{00}7{00}C{00}3{00}-{00}9{00}0{00}0{00}6{00}-{00}D{00}0{00}4{00}7{00}8{00}C{00}3{00}E{00}E{00}0{00}6{00}|HTTP/1.1{20}401{20}Unauthorized{0d}{0a}Content-Type:{20}text/html{0d}{0a}Server:{20}Microsoft-IIS/8.5{0d}{0a}WWW-Authenticate:{20}Negotiate{0d}{0a}WWW-Authenticate:{20}NTLM{0d}{0a}X-Powered-By:{20}ASP.NET{0d}{0a}Date:{20}Mon,{20}16{20}May{20}2016{20}13:55:59{20}GMT{0d}{0a}Content-Length:{20}1293{0d}{0a}{0d}{0a}{0d}{0a}
↧