Thanks, Todd -- I am happy that you like sec :-) risto 2017-03-17 18:50 GMT+02:00 Todd M. Hall <t...@msstate.edu>: > Risto, > > Good to know, thanks. And while I've got your attention I'd like to thank you > for an awesome program and for all of your hard work. > > > On Fri, 17 Mar 2017, Risto Vaarandi wrote: > >> Date: Fri, 17 Mar 2017 11:09:16 -0500 >> From: Risto Vaarandi <risto.vaara...@seb.ee> >> To: Todd M. Hall <t...@msstate.edu>, >> Simple Event Corralator <simple-evcorr-users@lists.sourceforge.net> >> Subject: RE: [Simple-evcorr-users] Negation >> >> Hi Todd, >> Since SEC is written in Perl, it uses Perl's regular expression engine, and >> therefore supports all regular expression features that are supported by the >> underlying Perl version. Since SEC requires perl 5.8 or later which all have >> lookaheads and lookbehinds, they can also be used in rule definitions. >> Kind regards, >> risto >> >> >>> -----Original Message----- >>> From: Todd M. Hall [mailto:t...@msstate.edu] >>> Sent: Friday, March 17, 2017 5:02 PM >>> To: Simple Event Corralator <simple-evcorr-users@lists.sourceforge.net> >>> Subject: Re: [Simple-evcorr-users] Negation >>> >>> I've not verified if this works in SEC, but you could maybe do a negative >>> lookahead/behind >>> >>> \.php\?id=[0-9A-Za-z]{8}(?!\.net|\.org) >>> >>> (?<!\.net|\.org)\S+\.php\?id=[0-9A-Za-z]{8} >>> >>> There may be a bit of a performance hit with using these though. Give them >>> a try. >>> >>> >>> On Thu, 16 Mar 2017, James Lay wrote: >>> >>>> Date: Thu, 16 Mar 2017 17:42:25 -0500 >>>> From: James Lay <j...@slave-tothe-box.net> >>>> To: Simple Event Corralator <simple-evcorr-users@lists.sourceforge.net> >>>> Subject: [Simple-evcorr-users] Negation >>>> >>>> Hey all, >>>> >>>> So I'm trying to create a rule to match this pattern: >>>> >>>> "\.php\?id=[0-9A-Za-z]{8}" >>>> >>>> The caveat is that I can't match certain things like, for example >>>> "\.net|\.org". How do I create a regex with negation for SEC? Thank >>>> you. >>>> >>>> James >>>> >>>> ------------------------------------------------------------------------------ >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> _______________________________________________ >>>> Simple-evcorr-users mailing list >>>> Simple-evcorr-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users >>>> >>> >>> -- >>> Todd M. Hall >>> Sr. Network Analyst >>> Information Technology Services >>> Mississippi State University >>> t...@msstate.edu >>> 662-325-9311 (phone) >>> >>> ------------------------------------------------------------------------------ >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> _______________________________________________ >>> Simple-evcorr-users mailing list >>> Simple-evcorr-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users >> > > -- > Todd M. Hall > Sr. Network Analyst > Information Technology Services > Mississippi State University > t...@msstate.edu > 662-325-9311 (phone) > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
