0
votes

I'm trying to extract the field cs(User-Agent) from an IIS 2012 log using regex, but without success.

My log looks like this:

Message=date 2018-02-09 time 10:53:35 s-sitename W3SVC1 s-computername myserver s-ip 222.222.222.222 cs-method GET cs-uri-stem /Front/Scripts/app/Front/totot.js cs-uri-query X-IIS-CACHE-HIT=0&X-IIS-LOG-ID=043bd7cf-5d48-4fe2-a285-7758ac5b38bc&SERVER-STATUS=200 s-port 443 cs-username - c-ip 111.111.111.111 cs-version HTTP/1.1 cs(User-Agent) Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko cs(Cookie) .CWEASPXAUTH=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 cs(Referer) https://test.com/ cs-host test.com sc-status 304 sc-substatus 0 sc-win32-status 0 sc-bytes 245 cs-bytes 1076 time-taken 140

So what I need is everything after "cs(User-Agent) " and before "cs(Cookie)".

Can you help me do this, please?

PS: I'm trying to say hello at the beginning but it doesn't work :(


1 Answer

0
votes

Content:

Message=date 2018-02-09 time 10:53:35 s-sitename W3SVC1 s-computername myserver s-ip 222.222.222.222 cs-method GET cs-uri-stem /Front/Scripts/app/Front/totot.js cs-uri-query X-IIS-CACHE-HIT=0&X-IIS-LOG-ID=043bd7cf-5d48-4fe2-a285-7758ac5b38bc&SERVER-STATUS=200 s-port 443 cs-username - c-ip 111.111.111.111 cs-version HTTP/1.1 cs(User-Agent) Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko cs(Cookie) .CWEASPXAUTH=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 cs(Referer) https://test.com/ cs-host test.com sc-status 304 sc-substatus 0 sc-win32-status 0 sc-bytes 245 cs-bytes 1076 time-taken 140

Regular expression:

cs\(User-Agent\)(.+)cs\(Cookie\)

Match results:

Full match 326-420 cs(User-Agent) Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko cs(Cookie)

Group 1. 340-410 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko
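An added example, not part of the answer above: the expression in the answer captures the spaces around the value and only matches when cs(Cookie) is logged immediately after the User-Agent. The sketch below keys on the field name alone. It assumes values contain no whitespace (IIS W3C logging writes spaces as `+`) and that `-` marks an empty field; `extract_user_agent`, `SAMPLE` and `NO_COOKIE` are names and data constructed for this illustration.

```python
import re

# Constructed sample in the same "name value" layout as the log above
# (cookie value replaced by a placeholder).
SAMPLE = (
    "Message=date 2018-02-09 time 10:53:35 cs-method GET cs-version HTTP/1.1 "
    "cs(User-Agent) Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko "
    "cs(Cookie) .CWEASPXAUTH=PLACEHOLDER cs(Referer) https://test.com/ "
    "cs-host test.com sc-status 304"
)

# Constructed sample where cs(Cookie) is not the next field.
NO_COOKIE = (
    "Message=date 2018-02-09 cs(User-Agent) curl/7.58.0 "
    "cs(Referer) - cs-host test.com"
)

# The expression from the answer, kept for comparison.
ANSWER_RE = re.compile(r"cs\(User-Agent\)(.+)cs\(Cookie\)")

# Field name at the start of a token, one space, then the value up to the
# next whitespace. Assumption: values never contain whitespace.
UA_RE = re.compile(r"(?<!\S)cs\(User-Agent\) (\S+)")


def extract_user_agent(message, decode=False):
    """Return the cs(User-Agent) value, or None if absent or logged as '-'."""
    m = UA_RE.search(message)
    if m is None:
        return None
    ua = m.group(1)
    if ua == "-":  # assumption: '-' means the client sent no User-Agent
        return None
    # Assumption: every '+' in the logged value stands for a space.
    return ua.replace("+", " ") if decode else ua


if __name__ == "__main__":
    print(repr(ANSWER_RE.search(SAMPLE).group(1)))  # note the padding spaces
    print(ANSWER_RE.search(NO_COOKIE))              # no match without cs(Cookie)
    print(extract_user_agent(SAMPLE, decode=True))
    print(extract_user_agent(NO_COOKIE))
```
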