I have a ModSecurity log that I want to pull a couple of things from. Here is an example line:
[05/Mar/2008:12:50:07 --0800] [www.mydomain.com/sid#1ef44178][rid#2042fa58][//member/index.php][2] Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/usr/local/apache2/modsec/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]
So I want to print out the id, domain, path, and tag from lines that only have CRITICAL in them.
So from the above I want:
960015 | www.mydomain.com | /member/index.php | PROTOCOL_VIOLATION/MISSING_HEADER
I am really bad at regular expressions and can only do simple things. If anyone can help and whip something up, I would appreciate it.
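
One way to do the extraction asked for above, as an added example that is not part of the original post. The names `parse_line` and `report`, the second sample line, and the comma-joining of multiple tags are assumptions; the header layout and hex ids are inferred from the single line quoted in the post.

```python
import re

# Header layout taken from the sample line: [host/sid#..][rid#..][uri][phase]
HEADER = re.compile(
    r'\[(?P<domain>[^/\]\s]+)/sid#[0-9a-f]+\]\[rid#[0-9a-f]+\]'
    r'\[(?P<path>[^\]]*)\]\[\d+\]')
# Trailing metadata is a run of [name "value"] pairs (id, severity, tag, ...)
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse_line(line):
    """Return (id, domain, path, tag) for a CRITICAL entry, else None."""
    head = HEADER.search(line)
    if head is None:
        return None
    fields = {}
    # Read metadata only from the text after the header, so a URI that
    # merely contains the word CRITICAL does not select the line.
    for name, value in FIELD.findall(line, head.end()):
        fields.setdefault(name, []).append(value)
    if fields.get("severity") != ["CRITICAL"] or "id" not in fields:
        return None
    path = re.sub(r'^/+', '/', head.group("path"))  # "//member" -> "/member"
    # Assumption: several [tag "..."] fields are joined with commas.
    return (fields["id"][0], head.group("domain"), path,
            ",".join(fields.get("tag", [])))

def report(lines):
    """Format matching lines as 'id | domain | path | tag'."""
    return [" | ".join(rec) for rec in map(parse_line, lines) if rec]

# First line is the one quoted in the post; the second is constructed
# (placeholder id and rid) to show a WARNING entry being skipped.
SAMPLE = [
    '[05/Mar/2008:12:50:07 --0800] [www.mydomain.com/sid#1ef44178][rid#2042fa58][//member/index.php][2] Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/usr/local/apache2/modsec/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]',
    '[05/Mar/2008:12:51:10 --0800] [www.mydomain.com/sid#1ef44178][rid#2042fb60][/CRITICAL/index.php][2] Warning. Constructed example. [id "900001"] [msg "Constructed example"] [severity "WARNING"] [tag "CONSTRUCTED/EXAMPLE"]',
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

To run it over a real log, pass the open file object to `report()` in place of `SAMPLE`.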