Hi Chris,

Give this a go:

(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

I'm not using either Snort or Prelude, but I tried this on Python and I think it yields the results you require. I wonder about only capturing the first 15 characters for the timestamp, though. It comes up a bit short. As I am unsure of the context it is being used in, I cannot comment, but I would capture at least 19 characters:

(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

Take care,
Sheran
--
gentoo-security@g.o mailing list
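To show the difference between the two timestamp widths in the reply above, here is an added Python example (not part of the original message) that runs both patterns over constructed log lines with a 19-character timestamp, a `<PRI>`-style bracket, a hostname and a process with and without a pid; the sample lines and helper names are assumptions, the regexes are copied from the reply.

```python
import re

# Both patterns are copied from the reply above; only the timestamp width differs.
PATTERN_15 = re.compile(
    r"(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s"
    r"(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)"
)
PATTERN_19 = re.compile(
    r"(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s"
    r"(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)"
)

# Constructed sample lines (not taken from the thread): 19-character timestamp,
# a <PRI>-style bracket, the hostname, then a process with and without a pid.
SAMPLE_LINES = [
    "2006-01-12 10:00:00 <13> gateway sshd[4242]: Accepted publickey for alice",
    "2006-01-12 10:00:01 <6> gateway kernel: eth0: link up",
]


def parse_line(line, pattern=PATTERN_19):
    """Return the named groups as a dict, or None when the line does not match.

    'pid' is None for lines whose process carries no [pid] suffix, because that
    group is optional in the pattern.
    """
    m = pattern.match(line)
    if m is None:
        return None
    return m.groupdict()


def parse_lines(lines, pattern=PATTERN_19):
    """Parse every line; unmatched lines stay as None so gaps are visible to callers."""
    return [parse_line(line, pattern) for line in lines]


if __name__ == "__main__":
    # With the 15-character pattern the ISO-style timestamp is cut to "2006-01-12 10:0";
    # the 19-character pattern keeps the whole "2006-01-12 10:00:00".
    for width, pat in ((15, PATTERN_15), (19, PATTERN_19)):
        print(f"--- {width}-character timestamp ---")
        for record in parse_lines(SAMPLE_LINES, pat):
            print(record)
```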