Yeah, this did the trick :)
Thanks a lot Sheran, now I'm able to get some sleep *smiling from one ear
to the other*

Greets, Chris

Sheran Gunasekera wrote:

>Hi Chris,
>Give this a go:
>(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)
>
>I'm not using either Snort or Prelude, but I tried this on Python and I
>think it yields the results you require. I wonder about only capturing
>the first 15 characters for the timestamp, though. It comes up a bit
>short. As I am unsure of the context it is being used in, I cannot
>comment, but I would capture at least 19 characters:
>
>(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)
>
>Take care,
>Sheran
>
>
--
gentoo-security@g.o mailing list
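The two expressions Sheran quotes differ only in the fixed width of the leading timestamp capture. The following Python script is an added example, not code from the thread or from Snort or Prelude: it wraps that regex with the width as a parameter and runs it over three constructed log lines (the layout assumed here, a syslog-style timestamp, a `<...>` token, the hostname and then `process[pid]:` or `process:`, is an assumption about the log format, not something the thread states). The third line deliberately carries a 19-character timestamp so the effect of the width choice is visible.

```python
import re

# Sheran's expression from the quoted message, with the fixed timestamp
# width made a parameter (15 and 19 are the two values proposed in the thread).
# This wrapper is an added helper, not part of the original post.
def build_pattern(width=15):
    return re.compile(
        r"(?P<timestamp>.{%d}).*?\>\s(?P<hostname>.*?)\s"
        r"(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)" % width
    )

# Constructed sample lines (not taken from the thread). The assumed layout is
# a 15-character syslog timestamp, a "<...>" token, the hostname, and then
# "process[pid]:" or "process:" ahead of the message body. The third line
# deliberately carries a 19-character timestamp to show how the width matters.
SAMPLE_LINES = [
    "Jan  5 12:34:56 <13> sensor01 snort[2342]: [1:2003:8] constructed alert",
    "Jan 15 03:07:09 <13> gateway kernel: constructed iptables drop",
    "2004-01-05 12:34:56 <13> sensor01 prelude-manager[9876]: constructed event",
]


def parse_line(line, width=15):
    """Return the named groups (timestamp, hostname, process, pid) as a dict,
    with pid set to None when the line has no "[pid]" part, or None when the
    line does not match at all. match() anchors the timestamp at column 0."""
    m = build_pattern(width).match(line)
    return m.groupdict() if m else None


def parse_lines(lines, width=15):
    """Parse many lines with the same width; unmatched lines yield None."""
    return [parse_line(line, width) for line in lines]


if __name__ == "__main__":
    for width in (15, 19):
        print(f"--- timestamp width {width} ---")
        for line, fields in zip(SAMPLE_LINES, parse_lines(SAMPLE_LINES, width)):
            print(line)
            print("   ", fields)
```

Running it shows the caveat behind Sheran's remark: with width 15 the classic `Jan  5 12:34:56` stamp is captured exactly, but the 19-character stamp on the third line is cut to `2004-01-05 12:3`; with width 19 the third line is captured whole, while the first line's timestamp group swallows ` <13`, the start of the next token. A fixed-width capture only works when every line in the feed uses the same timestamp format, so for log normalisation it is safer to match the timestamp's actual shape (month, day, time) than to count characters.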