Re: [Simple-evcorr-users] Negation

Fri, 17 Mar 2017 09:04:21 -0700 

Let us know if it works or not so it'll be searchable for others later. 
Performance won't likely be a problem unless you have a busy SEC process.


On Fri, 17 Mar 2017, James Lay wrote:

> Date: Fri, 17 Mar 2017 10:47:00 -0500
> From: James Lay <j...@slave-tothe-box.net>
> To: simple-evcorr-users@lists.sourceforge.net
> Subject: Re: [Simple-evcorr-users] Negation
> 
> Thanks Todd...I had the regex101.com link up and trying to learn about
> lookahead/behind...it makes me head hurt.
>
> James
>
> On 2017-03-17 09:02, Todd M. Hall wrote:
>> I've not verified if this works in SEC, but you could maybe do a
>> negative
>> lookahead/behind
>>
>> \.php\?id=[0-9A-Za-z]{8}(?!\.net|\.org)
>>
>> (?<!\.net|\.org)\S+\.php\?id=[0-9A-Za-z]{8}
>>
>> There may be a bit of a performance hit with using these though.  Give
>> them a
>> try.
>>
>>
>> On Thu, 16 Mar 2017, James Lay wrote:
>>
>>> Date: Thu, 16 Mar 2017 17:42:25 -0500
>>> From: James Lay <j...@slave-tothe-box.net>
>>> To: Simple Event Corralator
>>> <simple-evcorr-users@lists.sourceforge.net>
>>> Subject: [Simple-evcorr-users] Negation
>>>
>>> Hey all,
>>>
>>> So I'm trying to create a rule to match this pattern:
>>>
>>> "\.php\?id=[0-9A-Za-z]{8}"
>>>
>>> The caveat is that I can't match certain things like, for example
>>> "\.net|\.org".  How do I create a regex with negation for SEC?  Thank
>>> you.
>>>
>>> James
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Simple-evcorr-users mailing list
>>> Simple-evcorr-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>>
>>
>> --
>> Todd M. Hall
>> Sr. Network Analyst
>> Information Technology Services
>> Mississippi State University
>> t...@msstate.edu
>> 662-325-9311 (phone)
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>

-- 
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to