| 1 |
Yeah, this did the trick :) |
| 2 |
Thanks alot Sheran, now i'm able to get some sleep *smiling from one ear |
| 3 |
to the other* |
| 4 |
|
| 5 |
Greets, Chris |
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
Sheran Gunasekera wrote: |
| 13 |
|
| 14 |
>Hi Chris, |
| 15 |
>Give this a go: |
| 16 |
>(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:) |
| 17 |
> |
| 18 |
>I'm not using either Snort or Prelude, but I tried this on Python and I |
| 19 |
>think it |
| 20 |
>yields the results you require. I wonder about only capturing the first 15 |
| 21 |
>characters for the timestamp, though. It comes up a bit short. As I am |
| 22 |
>unsure |
| 23 |
>of the context it is being used, I cannot comment, but I would capture |
| 24 |
>at least |
| 25 |
>19 characters: |
| 26 |
> |
| 27 |
>(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:) |
| 28 |
> |
| 29 |
>Take care, |
| 30 |
>Sheran |
| 31 |
> |
| 32 |
> |
| 33 |
-- |
| 34 |
gentoo-security@g.o mailing list |
Archives