Gentoo Archives: gentoo-security

From: Sheran Gunasekera <gentoo@××××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] prelude-lml and log_prefix_regex
Date: Sat, 15 Oct 2005 09:38:13
Message-Id: E1EQiQ5-0006HN-5Y@cp02.buyhttp.com
Hi Chris,

Give this a go:

(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

I'm not using either Snort or Prelude, but I tried this on Python and I think it yields the results you require. I wonder about only capturing the first 15 characters for the timestamp, though. It comes up a bit short. As I am unsure of the context it is being used, I cannot comment, but I would capture at least 19 characters:

(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)

Take care,
Sheran
--
gentoo-security@g.o mailing list
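Added example, not part of the message above: a Python check of what the two patterns capture on constructed log lines. The line formats, host name and process names are assumptions, since the log format being discussed is not shown in this message; `parse_prefix` and `timestamp_is_clean` are hypothetical helper names.

```python
import re

# The two patterns from the message; they differ only in timestamp width.
TAIL = r".*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)"
PREFIX_15 = re.compile(r"(?P<timestamp>.{15})" + TAIL)
PREFIX_19 = re.compile(r"(?P<timestamp>.{19})" + TAIL)

# Constructed sample lines (assumed formats, not taken from the thread).
ISO_LINE = "2005-10-15 09:38:13 <auth.info> gw01 sshd[4242]: Accepted publickey for alice"
BSD_LINE = "Oct 15 09:38:13 <cron.info> gw01 cron: job started"
NO_MARKER = "Oct 15 09:38:13 gw01 sshd[4242]: no angle bracket in this line"


def parse_prefix(pattern, line):
    """Return the named groups captured at the start of line, or None."""
    m = pattern.match(line)
    return m.groupdict() if m else None


def timestamp_is_clean(fields):
    """Heuristic: a correctly captured timestamp ends in HH:MM:SS."""
    if not fields:
        return False
    return re.search(r"\d{2}:\d{2}:\d{2}$", fields["timestamp"]) is not None


if __name__ == "__main__":
    for width, pattern in (("15", PREFIX_15), ("19", PREFIX_19)):
        for line in (ISO_LINE, BSD_LINE, NO_MARKER):
            fields = parse_prefix(pattern, line)
            # Print width, whether the timestamp looks complete, and the fields.
            print(width, timestamp_is_clean(fields), fields)
```

A timestamp width that does not fit the log's real format still matches, so the mistake shows up as a truncated or polluted `timestamp` field rather than as a parse failure. Checking the captured field against the expected shape, as `timestamp_is_clean` does, catches that before the events reach correlation.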

Replies

Subject Author
Re: [gentoo-security] prelude-lml and log_prefix_regex Chris <chris@×××××××××××.net>