Question

I am trying to find out how someone hacked one of my clients' sites. I am searching the log files using ^(?!.*404).*194\.226.*$ to try and find a line in a log file where someone whose IP address starts with 194.226 was accessing the server that did not result in a 404.

A typical line in the log file is 194.226.xx.xx - - [18/Feb/2014:01:45:10 +0100] "GET /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png&title=http://www.google.com/humans.txt? HTTP/1.0" 404 84403 "-" "-" 163 84852

I assume the 404 near the end of the line is a 404 not found as it follows the HTTP/1.0 response.

It is important that the 194.226 IS in the line, but 404 is NOT in the line. From research here RegExp Look for part but exclude If, I came up with the above line. It is either not working or it is not found. I have no way of knowing which one though, as the log file is 2188MB in size.

My question: Is the regex correct?


Solution

I think this should help you move

^194\.226\.((?!404).)*$

demo : http://regex101.com/r/eM5bR8

OTHER TIPS

Yes, the regular expression is correct as long as you can be sure that 404 is not part of the IP address.

Use this regex:

(?!.*404).*\b194\.226\b.*

Also, you'll need to use the multiline flag so that it matches all of those.
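All three patterns above (the question's and the two answers') exclude a line whenever the digits 404 appear anywhere in it, not only in the status column. The following is an added example, not code from the question or from either answer, that runs each pattern over a few constructed log lines (not taken from the client's log) and compares it with a field-level check that parses the combined log format and tests the client IP and status columns directly. The CLF_RE parser and the by_fields helper are hypothetical names introduced here. The question's sample request passes phpinfo() through the f[] parameter of tiki-graph_formula.php, so the lines worth finding are the ones where that probe got something other than a 404; the example shows how a 200 response to it is hidden by the substring approach when its byte count happens to contain 404.

```python
import re

# Constructed sample lines in the combined log format the question shows.
# They are not taken from the client's log; each exercises one edge case:
#   1: the probe, status 404            (every approach should drop it)
#   2: the same probe, status 200, byte count 4043 (substring filters drop it)
#   3: ordinary 200 from the same /16   (every approach should keep it)
#   4: another client                   (every approach should drop it)
#   5: "194.226" in the URL, not the IP (unanchored patterns keep it)
SAMPLE_LOG = """\
194.226.10.20 - - [18/Feb/2014:01:45:10 +0100] "GET /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png HTTP/1.0" 404 84403 "-" "-"
194.226.10.20 - - [18/Feb/2014:01:45:12 +0100] "GET /tikiwiki/tiki-graph_formula.php?w=1&h=1&s=1&min=1&max=2&f[]=x.tan.phpinfo()&t=png HTTP/1.0" 200 4043 "-" "-"
194.226.10.21 - - [18/Feb/2014:01:45:14 +0100] "GET /tikiwiki/tiki-index.php HTTP/1.0" 200 1720 "-" "-"
10.0.0.5 - - [18/Feb/2014:01:46:00 +0100] "GET /index.php HTTP/1.0" 200 1234 "-" "-"
203.0.113.7 - - [18/Feb/2014:01:46:05 +0100] "GET /?ref=194.226 HTTP/1.0" 200 99 "-" "-"
"""
LINES = SAMPLE_LOG.splitlines()

# The whole-line patterns from the question and the two answers, verbatim.
PATTERNS = {
    "question": re.compile(r"^(?!.*404).*194\.226.*$"),
    "solution": re.compile(r"^194\.226\.((?!404).)*$"),
    "tips":     re.compile(r"(?!.*404).*\b194\.226\b.*"),
}

# Hypothetical field parser for a combined-log-format line (not from the
# page): client IP, timestamp, request line, status code, response bytes.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r"(?P<status>\d{3}) (?P<bytes>\d+|-)"
)


def grep_like(pattern, lines=LINES):
    """1-based numbers of the lines a per-line regex search keeps (grep -P style)."""
    return [i for i, ln in enumerate(lines, 1) if pattern.search(ln)]


def by_fields(lines=LINES, ip_prefix="194.226.", drop_status="404"):
    """1-based numbers of the lines whose client IP starts with ip_prefix and
    whose status column is not drop_status; '404' elsewhere in the line is ignored."""
    kept = []
    for i, ln in enumerate(lines, 1):
        m = CLF_RE.match(ln)
        if m is None:
            continue  # malformed line: in real use, report these separately
        if m.group("ip").startswith(ip_prefix) and m.group("status") != drop_status:
            kept.append(i)
    return kept


def compare():
    """Which sample lines each approach keeps."""
    result = {name: grep_like(p) for name, p in PATTERNS.items()}
    result["fields"] = by_fields()
    return result


if __name__ == "__main__":
    for name, kept in compare().items():
        print(f"{name:9s} keeps lines {kept}")
    # Only the field-level check keeps line 2, the 200 response to the
    # phpinfo() probe; the three regexes drop it because of the byte count 4043.
```

On a 2 GB file the same field-level check can be done without loading it into memory, for example with awk on the Apache combined format: `awk '$1 ~ /^194\.226\./ && $9 != "404"' access.log`, where $1 is the client IP and $9 the status code. That field numbering assumes the request line has exactly three space-separated tokens; a request containing literal spaces (which attack traffic often does) shifts the columns, so a parser that reads the quoted request as one field, as CLF_RE does above, is more robust.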

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow