
Log Regex Markup
Requires: | ![]() com.ioninja.log-regex-markup |
Status: | ENABLED (all requirements are satisifed) |
The Log Regex Markup engine is yet another unique and highly useful feature of IO Ninja dedicated to providing visual aids when you analyze captured data logs.
The engine relies on user-defined regular expressions to automatically — and instantaneously! — highlight data patterns or insert packet delimiters.
Colorize
The most straightforward way to use this regex markup feature is to write a regular expression for important tokens in your protocol — and then colorize (i.e., highlight those tokens with color).
For example, in the screenshot, all XTERM CSI escape sequences are automatically colored orange.
Packetize
An alternative approach is to insert delimiters between packet boundaries and use a regular expression to define such boundaries.
For instance, if packets in your protocol always start with a specific header/preamble, you can define a regular expression to match those headers and insert delimiters before matches.
Likewise, if packets have well-defined terminators — define a terminator-matching regex and insert delimiters after matches.
Multiple Rules
Want to colorize different entities with different colors? How about highlighting packet boundaries? No problem! You can define as many rules and use as many colors as necessary to mark up everything you need.
And the best part — it's going to be just as fast as marking up with a single regex!
Regex Engine Specifics
The IO Ninja regular expression engine is DFA-based (unlike backtracking engines used in PCRE, Python, Ruby, etc.)
On the one hand, backtracking engines could suffer from performance drops — sometimes exponential! — depending on regular expressions and the number of patterns. IO Ninja doesn't have these drawbacks — no matter what the regular expressions are and how many markup rules you define, the log will always get colorized and packetized FAST!
On the other hand, IO Ninja doesn't support some advanced regular expression features available in PCRE and other backtrackers — most notably, backreferences and named groups.
Please refer to the tables below of supported regular expressions.
Construct | Description |
---|---|
^ | Begin-of-text or begin-of-line |
$ | End-of-text or end-of-line |
[ ] | Character class |
[^ ] | Negated character class |
( ) | Capturing group |
(?: ) | Non-capturing group |
? | Preceding element is optional |
?? | Preceding element is optional (non-greedy) |
* | Preceding element is repeated zero or more times |
*? | Preceding element is repeated zero or more times (non-greedy) |
+ | Preceding element is repeated one or more times |
+? | Preceding element is repeated one or more times (non-greedy) |
| | Alternative |
{ n } | Preceding element is repeated n times |
. | Any character |
Escape-sequence | Description |
---|---|
\A | Begin-of-text |
\z | End-of-text |
\b | Word boundary |
\d | Decimal digit |
\D | Not a decimal digit |
\h | Hexadecimal digit |
\H | Not a hexadecimal digit |
\w | A word character |
\W | Not a word character |
\s | A space character |
\S | Not a space character |
\0 | A zero character (U+0000) |
\a | An alarm character (U+0007) |
\e | An escape character (U+001B) |
\f | A formfeed character (U+000C) |
\n | A newline character (U+000A) |
\r | A carriage return character (U+000D) |
\t | A tabulation character (U+0009) |
\v | A vertical tabulation character (U+000B) |
\x<HH> | A character specified by two hexadecimal digits HH |
\u<HHHH> | A character specified by four hexadecimal digits HHHH |
\U<HHHHHHHH> | A character specified by eight hexadecimal digits HHHHHHHH |
\<DDD> | A character specified by three octal digits DDD |