How can I extract a specific part with grep in Linux between multiple double quotes?

Question

I would like to extract the part

msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)"

from

src="192.168.1.1:443" dst="192.168.1.1:80" msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)" note="WEB FORWARD" user="unknown" devID="ptz6e398b4a2" cat="Forward Web Sites"

When I enter grep -Eo 'msg=".*"' it copies me

msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)" note="WEB FORWARD" user="unknown" devID="ptz6e398b4a2" cat="Forward Web Sites"

I was able to extract the src and dst parts with grep -Eo 'src="[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}:[0-9]{1,10}"'

I also want to extract the note, user, and cat parts to put everything in a csv data file. I didn't do it with awk $ because the spaces between the words aren't the same every time.

Answer 1

Using grep

$ grep -Eo '(msg|note|user|cat)="[^"]*"' input_file
msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)"
note="WEB FORWARD"
user="unknown"
cat="Forward Web Sites"

Answer 2

$ grep -o 'msg="[^"]*"' file
msg="services.facebook.com:Content Server, Rule_name:WAN6_Ongoing, SSI:N (Content)"

$ grep -o 'src="[^"]*"' file
src="192.168.1.1:443"

$ grep -o 'dst="[^"]*"' file
dst="192.168.1.1:80"

The above assumes you don't have any "s inside the quoted strings and you don't have tags like foomsg="..." where msg is a substring.