Zak MA

Reputation: 25

regex for dns logs

I have DNS logs that come like this:

17/04/2017 08:59:38 09DC PACKET  000000A939E64600 UDP Rcv 10.254.30.96    c650   Q [0001   D   NOERROR] A      (8)master11(10)teamviewer(3)com(0)
17/04/2017 08:59:38 09DC PACKET  000000A9404FABE0 UDP Rcv 10.254.30.87    9bae   Q [0001   D   NOERROR] A      (7)master2(10)teamviewer(3)com(0)
17/04/2017 08:59:42 09E0 PACKET  000000A9404D15B0 UDP Rcv 10.254.35.43    fdcc   Q [0001   D   NOERROR] A      (6)mobile(4)pipe(4)aria(9)microsoft(3)com(0)
17/04/2017 09:49:45 09E8 PACKET  000000A94194FE80 UDP Rcv 8.8.8.8         646d R Q [8381   DR NXDOMAIN] A      (3)mta(3)dkf(2)com(0)

At the end of each line you will see the domain name represented like this:

(7)master2(10)teamviewer(3)com(0)

I wanted to get only the following parts:

master teamviewer com 

and replace the space by a "." to have a result like this:

master2.teamviewer.com 

To do that I used this regex:

(?<=\)).*?(?=\()

But unfortunately I got this error:

Lookbehind is not supported in javascript

Does anyone have a suggestion or a solution for this problem? Thanks

Upvotes: 1

Views: 1605

Answers (2)

Wiktor Stribiżew

Reputation: 627341

You might use the solution from this article:

A\s+\(\d+\)(.*?)\(\d+\)(.*?)\(\d+\)(.*?)\(\d+\)

See the regex demo

Here,

  • A - a literal A
  • \s+ - 1+ whitespaces
  • \(\d+\) - 1+ digits enclosed with ( and )
  • (.*?) - any 0+ chars, as few as possible (as *? is a lazy quantifier)
  • \(\d+\)(.*?)\(\d+\)(.*?)\(\d+\) - an alternated sequence of the above two subpatterns.

Set the Capture Group option as needed. In the example above,

Format String : $1.$2.$3

Upvotes: 1

Mustofa Rizwan

Reputation: 10476

You can try this:

\(\d+\)(?:[\w]+\(\d+\))+

Regex Demo

const regex = /\(\d+\)(?:[\w]+\(\d+\))+/g;
const str = `17/04/2017 08:59:38 09DC PACKET  000000A939E64600 UDP Rcv 10.254.30.96    c650   Q [0001   D   NOERROR] A      (8)master11(10)teamviewer(3)com(0)
17/04/2017 08:59:38 09DC PACKET  000000A9404FABE0 UDP Rcv 10.254.30.87    9bae   Q [0001   D   NOERROR] A      (7)master2(10)teamviewer(3)com(0)
17/04/2017 08:59:42 09E0 PACKET  000000A9404D15B0 UDP Rcv 10.254.35.43    fdcc   Q [0001   D   NOERROR] A      (6)mobile(4)pipe(4)aria(9)microsoft(3)com(0)
17/04/2017 09:49:45 09E8 PACKET  000000A94194FE80 UDP Rcv 8.8.8.8         646d R Q [8381   DR NXDOMAIN] A      (3)mta(3)dkf(2)com(0)
`;
let m;

while ((m = regex.exec(str)) !== null) {
  // Split the match on the "(n)" length markers, drop empty pieces, join the labels with dots
  console.log(m[0].split(/\(\d+\)/).filter(val => val).join("."));
}

Upvotes: 0
