I would like to extract the part
msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)"
from
src="192.168.1.1:443" dst="192.168.1.1:80" msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)" note="WEB FORWARD" user="unknown" devID="ptz6e398b4a2" cat="Forward Web Sites"
When I enter grep -Eo 'msg=".*"' it copies me
msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)" note="WEB FORWARD" user="unknown" devID="ptz6e398b4a2" cat="Forward Web Sites"
I was able to extract the src and dst parts with grep -Eo 'src="[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}:[0-9]{1,10}"'
I also want to extract the note, user, and cat parts to put everything in a csv data file. I didn't do it with awk $ because the spaces between the words aren't the same every time.
Using grep
$ grep -Eo '(msg|note|user|cat)="[^"]*"' input_file
msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)"
note="WEB FORWARD"
user="unknown"
cat="Forward Web Sites"