
Regex Grab Only First Occurrence of IP from Syslog

I need to put a RegEX into an OpenNMS config file. I am trying to grab just the first IP address from a syslog message. The format is:

Sep 13 08:36:37 %ASA-4-106023: Deny tcp src outside:
56607 dst inside: by access-group "outside_access_in" [0x0, 0x0]

So far I have:


Which will grab all three of the IP addresses. How do I limit it to one?

In the NMS config file I need to fill in these lines:

forwarding-regexp="regex here"

So I need a regex that will put just the first IP into a group, while creating a group for the entire Syslog message


  • It seems you want


    See the regex demo
