import re
 
regex = r"^(\w{3}\s+\d+\s\d+:\d+:\d+)\s?:\s?(\w+)\s+:.*(?:\r?\n(?!.*COMMAND).*)*\r?\n.*?COMMAND=(.*(?:\r?\n(?!\w{3}\s+\d+\s\d+).*)*)"
 
test_str = ("Aug  7 14:14:43 : user1 : TTY=pts/53 ; PWD=/path2 ;\n"
	"    USER=root ; COMMAND=/path/to/cmd1\n"
	"Aug  7 14:14:49 : user2 : TTY=pts/53 ; PWD=/usr/home ;\n"
	"    USER=root ; COMMAND=./myscript.sh -m name -o SCHEDULER\n"
	"Aug  7 14:15:14 : user3 : TTY=pts/34 ;\n"
	"    PWD=/path ; USER=root ;\n"
	"    COMMAND=/usr/bin/egrep ^[a-z]*\n"
	"    /filename/toto1234\n"
	"Aug  7 14:15:37 : user4 : TTY=unknown ; PWD=/opt/nagios ; USER=root ;\n"
	"    COMMAND=/path/to/less\n"
	"    /var/opt/otherfile\n"
	"Aug  7 14:16:04 : user4 : TTY=pts/34 ;\n"
	"    PWD=/usr/local/bin/script ; USER=root ;\n"
	"    COMMAND=/usr/bin/egrep ^[a-z]*\n"
	"    /user/local/sbin/tata")
 
print(re.findall(regex, test_str, re.MULTILINE))

aW1wb3J0IHJlCgpyZWdleCA9IHIiXihcd3szfVxzK1xkK1xzXGQrOlxkKzpcZCspXHM/OlxzPyhcdyspXHMrOi4qKD86XHI/XG4oPyEuKkNPTU1BTkQpLiopKlxyP1xuLio/Q09NTUFORD0oLiooPzpccj9cbig/IVx3ezN9XHMrXGQrXHNcZCspLiopKikiCgp0ZXN0X3N0ciA9ICgiQXVnICA3IDE0OjE0OjQzIDogdXNlcjEgOiBUVFk9cHRzLzUzIDsgUFdEPS9wYXRoMiA7XG4iCgkiICAgIFVTRVI9cm9vdCA7IENPTU1BTkQ9L3BhdGgvdG8vY21kMVxuIgoJIkF1ZyAgNyAxNDoxNDo0OSA6IHVzZXIyIDogVFRZPXB0cy81MyA7IFBXRD0vdXNyL2hvbWUgO1xuIgoJIiAgICBVU0VSPXJvb3QgOyBDT01NQU5EPS4vbXlzY3JpcHQuc2ggLW0gbmFtZSAtbyBTQ0hFRFVMRVJcbiIKCSJBdWcgIDcgMTQ6MTU6MTQgOiB1c2VyMyA6IFRUWT1wdHMvMzQgO1xuIgoJIiAgICBQV0Q9L3BhdGggOyBVU0VSPXJvb3QgO1xuIgoJIiAgICBDT01NQU5EPS91c3IvYmluL2VncmVwIF5bYS16XSpcbiIKCSIgICAgL2ZpbGVuYW1lL3RvdG8xMjM0XG4iCgkiQXVnICA3IDE0OjE1OjM3IDogdXNlcjQgOiBUVFk9dW5rbm93biA7IFBXRD0vb3B0L25hZ2lvcyA7IFVTRVI9cm9vdCA7XG4iCgkiICAgIENPTU1BTkQ9L3BhdGgvdG8vbGVzc1xuIgoJIiAgICAvdmFyL29wdC9vdGhlcmZpbGVcbiIKCSJBdWcgIDcgMTQ6MTY6MDQgOiB1c2VyNCA6IFRUWT1wdHMvMzQgO1xuIgoJIiAgICBQV0Q9L3Vzci9sb2NhbC9iaW4vc2NyaXB0IDsgVVNFUj1yb290IDtcbiIKCSIgICAgQ09NTUFORD0vdXNyL2Jpbi9lZ3JlcCBeW2Etel0qXG4iCgkiICAgIC91c2VyL2xvY2FsL3NiaW4vdGF0YSIpCgkKcHJpbnQocmUuZmluZGFsbChyZWdleCwgdGVzdF9zdHIsIHJlLk1VTFRJTElORSkp