Great, thanks for your fast replies! Works fine! It would have been so simple ;-).
Kind regards, Lino On 12/10/2010 10:20 AM, Ben Cooper wrote: > This only appears to pull out half the records: > >> > my ($ip_list) = $line=~m/alert tcp \$HOME_NET any \<\> \[([^\]]+)\]/; > > I did this: > >> my ($ip_list) = $line=~m/alert [udptcp]+ \$HOME_NET any \<\> \[([^\]]+)\]/; > > Correct me if I'm wrong (though excuse my poor regex). > > Kind Regards, > > Ben Cooper > > On 10/12/2010 08:49, José Manuel Agudo Cuesta wrote: >> Hi, >> >> Only a minor modification is needed: >> >> 20,21c20 >> < >> < my ($ip_list) = $line=~m/alert ip \$HOME_NET any \-\> \[([^\]]+)\]/; >> --- >> > my ($ip_list) = $line=~m/alert tcp \$HOME_NET any \<\> \[([^\]]+)\]/; >> >> Best regards, >> >> Jose >> >> El 09/12/10 15:06, Lino Moragon escribió: >>> Hi List, >>> >>> I'm using the great tool Nfsen for some time now and wanted to give the >>> nfsen-botnet plugin a try. >>> >>> As I'm not very acquainted with perl and scripting in general I wanted >>> to ask if somebody here has got a working conversion script that >>> downloads the emerging-botcc.rules and converts it to a file usable for >>> the program botnet_filter. >>> >>> I tried it with the example script get_botnets_emerging-botcc included >>> in the nfsen-botnet-0.3.tar.gz tarball. But I unfortunately failed cause >>> the script isn't giving me any output at all. >>> I'm invoking it like: ./get_botnets_emerging-botcc emerging-botcc.rules. >>> The rules I downloaded from >>> http://rules.emergingthreats.net/blockrules/emerging-botcc.rules >>> >>> Has anyone got a working script? Any help would be greatly apreciated. >>> >>> Kind regards >>> Lino >>> >>> >>> ------------------------------------------------------------------------------ >>> This SF Dev2Dev email is sponsored by: >>> >>> WikiLeaks The End of the Free Internet >>> http://p.sf.net/sfu/therealnews-com >>> _______________________________________________ >>> Nfsen-discuss mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >>> >> >> > > ------------------------------------------------------------------------------ > _______________________________________________ > Nfsen-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss ------------------------------------------------------------------------------ _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
