List Archive: gentoo-security
Hi Chris,
Give this a go:
(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)
I'm not using either Snort or Prelude, but I tried this on Python and I think it
yields the results you require. I wonder about only capturing the first 15
characters for the timestamp, though. It comes up a bit short. As I am unsure
of the context it is being used, I cannot comment, but I would capture at least
19 characters:
(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)
Take care,
Sheran
--
gentoo-security@g.o mailing list
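
Added example, not part of the original message: the two patterns from the reply run with Python's `re` over two constructed log lines, with a check that the fixed-width capture holds a whole timestamp. The line layout (timestamp, a `<facility.level>` tag, hostname, process) and the helper names `parse` and `timestamp_ok` are assumptions; the thread does not show the actual log format.

```python
import re

# Pattern from the message above; only the timestamp width ({15} vs {19}) varies.
TEMPLATE = (r"(?P<timestamp>.{WIDTH}).*?\>\s(?P<hostname>.*?)\s"
            r"(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)")

# Shapes a well-formed timestamp can take in the constructed samples below.
TS_SHAPES = [
    re.compile(r"[A-Z][a-z]{2} [ 0-9][0-9] \d{2}:\d{2}:\d{2}"),  # 15 chars
    re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"),          # 19 chars
]


def parse(line, width):
    """Apply the pattern with the given timestamp width; return fields or None."""
    m = re.match(TEMPLATE.replace("WIDTH", str(width)), line)
    return m.groupdict() if m else None


def timestamp_ok(ts):
    """True only if the captured field is a whole timestamp, nothing cut or extra."""
    return any(shape.fullmatch(ts) for shape in TS_SHAPES)


# Constructed sample lines (assumed layout, not taken from the thread).
SAMPLES = [
    "May  3 12:34:56 <daemon.notice> gateway ntpd: time reset",
    "2011-05-03 12:34:56 <auth.info> gateway sshd[4242]: Failed password for admin",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for width in (15, 19):
            fields = parse(line, width)
            # A match alone does not mean the timestamp field is usable.
            print(width, timestamp_ok(fields["timestamp"]), fields)
```

Both widths match both lines, so a wrong width does not show up as a parse failure; only validating the captured field reveals a truncated or overrun timestamp.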