You are correct, my mistake.

Kind Regards,
Ben Cooper

On 10/12/2010 10:45, José Manuel Agudo Cuesta wrote:
> I think that it's not necessary, because tcp and udp filters include the same ip address.
>
> If you generate one file with regex including "(?:udp|tcp)" and other with only "tcp", sort both files and remove duplicate lines (with uniq command) the results are identical.
>
> Best Regards,
>
> José Manuel
>
> On 10/12/10 11:16, Adrian Popa wrote:
>> The technically correct regex would be:
>>
>> my ($ip_list) = $line=~m/alert (?:udp|tcp) \$HOME_NET any \<\> \[([^\]]+)\]/;
>>
>> Your regex might match "ucdup" as a string, which is not desired. If your data is well formatted (and I suppose it is), it would still work, though
>>
>> Regards,
>> Adrian Popa
>>
>> On Fri, Dec 10, 2010 at 11:20 AM, Ben Cooper <[email protected]> wrote:
>>
>> This only appears to pull out half the records:
>>
>> > > my ($ip_list) = $line=~m/alert tcp \$HOME_NET any \<\> \[([^\]]+)\]/;
>>
>> I did this:
>>
>> > my ($ip_list) = $line=~m/alert [udptcp]+ \$HOME_NET any \<\> \[([^\]]+)\]/;
>>
>> Correct me if I'm wrong (though excuse my poor regex).
>>
>> Kind Regards,
>>
>> Ben Cooper
>>
>> On 10/12/2010 08:49, José Manuel Agudo Cuesta wrote:
>> > Hi,
>> >
>> > Only a minor modification is needed:
>> >
>> > 20,21c20
>> > <
>> > < my ($ip_list) = $line=~m/alert ip \$HOME_NET any \-\>
>> \[([^\]]+)\]/;
>> > ---
>> > > my ($ip_list) = $line=~m/alert tcp \$HOME_NET any \<\>
>> \[([^\]]+)\]/;
>> >
>> > Best regards,
>> >
>> > Jose
>> >
>> > On 09/12/10 15:06, Lino Moragon wrote:
>> >> Hi List,
>> >>
>> >> I'm using the great tool Nfsen for some time now and wanted to give the nfsen-botnet plugin a try.
>> >>
>> >> As I'm not very acquainted with perl and scripting in general I wanted to ask if somebody here has got a working conversion script that downloads the emerging-botcc.rules and converts it to a file usable for the program botnet_filter.
>> >>
>> >> I tried it with the example script get_botnets_emerging-botcc included in the nfsen-botnet-0.3.tar.gz tarball. But I unfortunately failed cause the script isn't giving me any output at all.
>> >> I'm invoking it like: ./get_botnets_emerging-botcc emerging-botcc.rules.
>> >> The rules I downloaded from
>> >> http://rules.emergingthreats.net/blockrules/emerging-botcc.rules
>> >>
>> >> Has anyone got a working script? Any help would be greatly appreciated.
>> >>
>> >> Kind regards
>> >> Lino
>> >>
>> >> _______________________________________________
>> >> Nfsen-discuss mailing list
>> >> [email protected]
>> >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
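
Review bot: in the `20,21c20` hunk the replacement line hard-codes `alert tcp` and `\<\>`, just as the removed line hard-coded `alert ip` and `\-\>`, so the pattern still accepts exactly one rule layout and lines in any other layout do not match. Consider writing the protocol and direction as alternations, for example `(?:ip|tcp|udp)` and `(?:\-\>|\<\>)`, and printing a warning when no input line matches, since the report that started this thread was a script producing no output at all.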
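
The extraction discussed in this thread, as an added example that is not part of the original messages or of the nfsen-botnet script: it accepts either protocol keyword and either direction, rejects the malformed `ucdup` case, and removes the addresses that the tcp and udp rules repeat. The sample rule lines are constructed (documentation address ranges, and the text after the bracketed list is assumed), the names `extract_ips` and `$rule_re` are hypothetical, and the one-address-per-line output is an assumption because the thread does not show the format botnet_filter expects.

```perl
#!/usr/bin/perl
# Added example, not the nfsen-botnet script: pull the unique addresses
# out of emerging-botcc style rule lines.
use strict;
use warnings;

# Constructed sample input; addresses come from documentation ranges.
my @rules = (
    'alert tcp $HOME_NET any <> [192.0.2.10,192.0.2.11] any (msg:"sample 1";)',
    'alert udp $HOME_NET any <> [192.0.2.10,192.0.2.11] any (msg:"sample 1";)',
    'alert ip $HOME_NET any -> [198.51.100.7,203.0.113.0/24] any (msg:"sample 2";)',
    'alert ucdup $HOME_NET any <> [192.0.2.99] any (msg:"malformed";)',
    '# comment line',
);

# Explicit alternations instead of a character class: [udptcp]+ would
# accept the malformed "ucdup" line, (?:ip|tcp|udp) does not.
my $rule_re = qr/^alert (?:ip|tcp|udp) \$HOME_NET any (?:->|<>) \[([^\]]+)\]/;

# Returns the number of rule lines that matched, followed by the
# addresses in first-seen order with duplicates removed.
sub extract_ips {
    my (@lines) = @_;
    my (%seen, @ips);
    my $matched = 0;
    for my $line (@lines) {
        my ($ip_list) = $line =~ $rule_re or next;
        $matched++;
        for my $ip (split /\s*,\s*/, $ip_list) {
            # tcp and udp rules repeat the same addresses; keep each once
            push @ips, $ip unless $seen{$ip}++;
        }
    }
    return ($matched, @ips);
}

my ($matched, @ips) = extract_ips(@rules);
# An empty result usually means the rule layout changed, so fail loudly
# instead of writing an empty list.
die "no rule lines matched; check the rule format\n" unless $matched;
printf STDERR "%d rule lines matched, %d unique addresses\n",
    $matched, scalar @ips;
print "$_\n" for @ips;
```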
