This only appears to pull out half the records:

> > my ($ip_list) = $line=~m/alert tcp \$HOME_NET any \<\> \[([^\]]+)\]/;

I did this:

> my ($ip_list) = $line=~m/alert [udptcp]+ \$HOME_NET any \<\> \[([^\]]+)\]/;

Correct me if I'm wrong (though excuse my poor regex).

Kind Regards,
Ben Cooper

On 10/12/2010 08:49, José Manuel Agudo Cuesta wrote:
> Hi,
>
> Only a minor modification is needed:
>
> 20,21c20
> <
> < my ($ip_list) = $line=~m/alert ip \$HOME_NET any \-\> \[([^\]]+)\]/;
> ---
> > my ($ip_list) = $line=~m/alert tcp \$HOME_NET any \<\> \[([^\]]+)\]/;
>
> Best regards,
>
> Jose
>
> On 09/12/10 15:06, Lino Moragon wrote:
>> Hi List,
>>
>> I'm using the great tool Nfsen for some time now and wanted to give the
>> nfsen-botnet plugin a try.
>>
>> As I'm not very acquainted with perl and scripting in general I wanted
>> to ask if somebody here has got a working conversion script that
>> downloads the emerging-botcc.rules and converts it to a file usable for
>> the program botnet_filter.
>>
>> I tried it with the example script get_botnets_emerging-botcc included
>> in the nfsen-botnet-0.3.tar.gz tarball. But I unfortunately failed cause
>> the script isn't giving me any output at all.
>> I'm invoking it like: ./get_botnets_emerging-botcc emerging-botcc.rules.
>> The rules I downloaded from
>> http://rules.emergingthreats.net/blockrules/emerging-botcc.rules
>>
>> Has anyone got a working script? Any help would be greatly appreciated.
>>
>> Kind regards
>> Lino
>>
>> _______________________________________________
>> Nfsen-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
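
Review bot: the replacement line of the `20,21c20` hunk hard-codes both the protocol (`tcp`) and the direction operator (`\<\>`), so any rule line written with another protocol or with `->` fails the match and is dropped without a warning, which fits the report above that only half the records come out. Consider matching the variants explicitly, for example `alert (?:tcp|udp|ip) \$HOME_NET any (?:->|<>) \[([^\]]+)\]`, rather than a character class such as `[udptcp]+`, which also accepts strings like `dud`. It would also help to emit a warning when an `alert` line matches none of the variants, so that a later format change in the rules file is noticed instead of silently producing a short or empty list for botnet_filter.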
