Log Regex Markup

Log Regex Markup

Requires: com.ioninja.log-regex-markup
Status: ENABLED (all requirements are satisifed)

The Log Regex Markup engine is yet another unique and highly useful feature of IO Ninja dedicated to providing visual aids when you analyze captured data logs.

The engine relies on user-defined regular expressions to automatically — and instantaneously! — highlight data patterns or insert packet delimiters.

Colorize

The most straightforward way to use this regex markup feature is to write a regular expression for important tokens in your protocol — and then colorize (i.e., highlight those tokens with color).

For example, in the screenshot, all XTERM CSI escape sequences are automatically colored orange.

Packetize

An alternative approach is to insert delimiters between packet boundaries and use a regular expression to define such boundaries.

For instance, if packets in your protocol always start with a specific header/preamble, you can define a regular expression to match those headers and insert delimiters before matches.

Likewise, if packets have well-defined terminators — define a terminator-matching regex and insert delimiters after matches.

Multiple Rules

Want to colorize different entities with different colors? How about highlighting packet boundaries? No problem! You can define as many rules and use as many colors as necessary to mark up everything you need.

And the best part — it's going to be just as fast as marking up with a single regex!

Regex Engine Specifics

The IO Ninja regular expression engine is DFA-based (unlike backtracking engines used in PCRE, Python, Ruby, etc.)

On the one hand, backtracking engines could suffer from performance drops — sometimes exponential! — depending on regular expressions and the number of patterns. IO Ninja doesn't have these drawbacks — no matter what the regular expressions are and how many markup rules you define, the log will always get colorized and packetized FAST!

On the other hand, IO Ninja doesn't support some advanced regular expression features available in PCRE and other backtrackers — most notably, backreferences and named groups.

Please refer to the tables below of supported regular expressions.

ConstructDescription
^Begin-of-text or begin-of-line
$End-of-text or end-of-line
[ ]Character class
[^ ]Negated character class
( )Capturing group
(?: )Non-capturing group
?Preceding element is optional
??Preceding element is optional (non-greedy)
*Preceding element is repeated zero or more times
*?Preceding element is repeated zero or more times (non-greedy)
+Preceding element is repeated one or more times
+?Preceding element is repeated one or more times (non-greedy)
|Alternative
{ n }Preceding element is repeated n times
.Any character
Escape-sequenceDescription
\ABegin-of-text
\zEnd-of-text
\bWord boundary
\dDecimal digit
\DNot a decimal digit
\hHexadecimal digit
\HNot a hexadecimal digit
\wA word character
\WNot a word character
\sA space character
\SNot a space character
\0A zero character (U+0000)
\aAn alarm character (U+0007)
\eAn escape character (U+001B)
\fA formfeed character (U+000C)
\nA newline character (U+000A)
\rA carriage return character (U+000D)
\tA tabulation character (U+0009)
\vA vertical tabulation character (U+000B)
\x<HH>A character specified by two hexadecimal digits HH
\u<HHHH>A character specified by four hexadecimal digits HHHH
\U<HHHHHHHH>A character specified by eight hexadecimal digits HHHHHHHH
\<DDD>A character specified by three octal digits DDD

Gallery