Ok, being that I am only at a beginner level with regular expression (please take mercy) I am looking to see if there is a way to optimize the following expression to be more efficient.
 
The data that I am going against will have lines like below:
 
warning: Connection rate limit exceeded: 5 from unknown[unknown] for service smtp
warning: Connection rate limit exceeded: 7 from unknown[213.253.xxx.xxx] for service smtp
 
The regex that I am currently using is:
 
warning: Connection rate limit exceeded: (.*) from (.*)\[<HOST>\]
 
Clearly, with the above expression it could locate items to process with an 'unknown' ipaddress which is not too efficient.  Does anyone know how to exclude the items "unknown[unknown]" within the single expression? I have tried the examples that I found using Google and the likes, but they seem to fail or do not return results.
 
Thanks for any help