Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: "Sheran Gunasekera" <gentoo@...>
Subject: prelude-lml and log_prefix_regex
Date: Sat, 15 Oct 2005 05:33:37 -0400
Hi Chris,
Give this a go:
(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

I'm not using either Snort or Prelude, but I tried this on Python and I
think it
yields the results you require.  I wonder about only capturing the first 15
characters for the timestamp, though.  It comes up a bit short.  As I am
unsure
of the context it is being used, I cannot comment, but I would capture
at least
19 characters:

(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

Take care,
Sheran 
-- 
gentoo-security@g.o mailing list


Replies:
Re: prelude-lml and log_prefix_regex
-- Chris
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
[no subject]
Next by thread:
Re: prelude-lml and log_prefix_regex
Previous by date:
prelude-lml and log_prefix_regex
Next by date:
Re: prelude-lml and log_prefix_regex


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.