Gentoo Archives: gentoo-security

From: Sheran Gunasekera <gentoo@××××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] prelude-lml and log_prefix_regex
Date: Sat, 15 Oct 2005 09:38:13
Message-Id: E1EQiQ5-0006HN-5Y@cp02.buyhttp.com
Hi Chris,
Give this a go:
(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

I'm not using either Snort or Prelude, but I tried this on Python and I think it yields the results you require. I wonder about only capturing the first 15 characters for the timestamp, though. It comes up a bit short. As I am unsure of the context it is being used in, I cannot comment, but I would capture at least 19 characters:

(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

Take care,
Sheran 
-- 
gentoo-security@g.o mailing list
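The following is an added example, not part of Sheran's post or of prelude-lml itself. It runs both patterns from the message against constructed syslog-style lines in Python (the interpreter Sheran says he tested with) to show the effect of the timestamp width. Since Chris's original log format is not quoted on this page, the sample lines assume a prefix of the form `<timestamp> <facility.level> <hostname> <process>[<pid>]:`, which is what the `.*?\>\s` part of the regex skips over; that layout is an assumption, as is the hostname `gateway`.

```python
import re

# The two regexes from the post, differing only in the fixed timestamp width.
_TAIL = r".*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)"
LOG_PREFIX_15 = re.compile(r"(?P<timestamp>.{15})" + _TAIL)
LOG_PREFIX_19 = re.compile(r"(?P<timestamp>.{19})" + _TAIL)

# Constructed sample lines (not taken from the thread). The first three use a
# 19-character "YYYY-MM-DD HH:MM:SS" timestamp followed by a <facility.level>
# tag; the layout is an assumption about the format Chris was parsing.
SAMPLE_LINES = [
    "2005-10-15 09:38:13 <auth.info> gateway sshd[2345]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2",
    "2005-10-15 09:38:14 <daemon.notice> gateway cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "2005-10-15 09:38:15 <kern.warning> gateway kernel: eth0: link up",
]

# A classic 15-character BSD syslog timestamp, to show that the fixed width
# has to match the logger's real format in either direction.
BSD_LINE = "Oct 15 09:38:13 <auth.info> gateway sshd[2345]: Failed password for invalid user bob"

# A line with no "<tag>" separator at all; neither pattern should match it.
NO_TAG_LINE = "Oct 15 09:38:13 gateway sshd[2345]: session closed for user alice"


def parse_prefix(pattern, line):
    """Apply a log_prefix_regex-style pattern anchored at the start of the line.

    Returns the named groups (timestamp, hostname, process, pid) as a dict,
    with pid set to None when the process had no bracketed PID, or None when
    the prefix does not match at all.
    """
    match = pattern.match(line)
    if match is None:
        return None
    return match.groupdict()


def compare_widths(line):
    """Return the timestamp captured by the 15- and 19-character patterns."""
    results = {}
    for label, pattern in (("15", LOG_PREFIX_15), ("19", LOG_PREFIX_19)):
        parsed = parse_prefix(pattern, line)
        results[label] = None if parsed is None else parsed["timestamp"]
    return results


if __name__ == "__main__":
    for line in SAMPLE_LINES + [BSD_LINE, NO_TAG_LINE]:
        print(line)
        print("  15 chars ->", compare_widths(line)["15"])
        print("  19 chars ->", compare_widths(line)["19"])
        full = parse_prefix(LOG_PREFIX_19, line)
        if full is not None:
            print("  host=%(hostname)s process=%(process)s pid=%(pid)s" % full)
```

Running it shows both sides of the width question: on the 19-character timestamps `.{15}` stops at `2005-10-15 09:3`, while on a BSD-style `Oct 15 09:38:13` line `.{19}` swallows part of the facility tag (`Oct 15 09:38:13 <au`). Whichever width is chosen, the rest of the prefix still parses because `.*?\>\s` resynchronises on the `> ` before the hostname, so a wrong width silently produces a mangled timestamp rather than a parse failure; that is worth checking against real log samples before relying on the timestamp field for correlation.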
