Thanks, Todd -- I am happy that you like sec :-) risto 2017-03-17 18:50 GMT+02:00 Todd M. Hall <[email protected]>: > Risto, > > Good to know, thanks. And while I've got your attention I'd like to thank you > for an awesome program and for all of your hard work. > > > On Fri, 17 Mar 2017, Risto Vaarandi wrote: > >> Date: Fri, 17 Mar 2017 11:09:16 -0500 >> From: Risto Vaarandi <[email protected]> >> To: Todd M. Hall <[email protected]>, >> Simple Event Corralator <[email protected]> >> Subject: RE: [Simple-evcorr-users] Negation >> >> Hi Todd, >> Since SEC is written in Perl, it uses Perl's regular expression engine, and >> therefore supports all regular expression features that are supported by the >> underlying Perl version. Since SEC requires perl 5.8 or later which all have >> lookaheads and lookbehinds, they can also be used in rule definitions. >> Kind regards, >> risto >> >> >>> -----Original Message----- >>> From: Todd M. Hall [mailto:[email protected]] >>> Sent: Friday, March 17, 2017 5:02 PM >>> To: Simple Event Corralator <[email protected]> >>> Subject: Re: [Simple-evcorr-users] Negation >>> >>> I've not verified if this works in SEC, but you could maybe do a negative >>> lookahead/behind >>> >>> \.php\?id=[0-9A-Za-z]{8}(?!\.net|\.org) >>> >>> (?<!\.net|\.org)\S+\.php\?id=[0-9A-Za-z]{8} >>> >>> There may be a bit of a performance hit with using these though. Give them >>> a try. >>> >>> >>> On Thu, 16 Mar 2017, James Lay wrote: >>> >>>> Date: Thu, 16 Mar 2017 17:42:25 -0500 >>>> From: James Lay <[email protected]> >>>> To: Simple Event Corralator <[email protected]> >>>> Subject: [Simple-evcorr-users] Negation >>>> >>>> Hey all, >>>> >>>> So I'm trying to create a rule to match this pattern: >>>> >>>> "\.php\?id=[0-9A-Za-z]{8}" >>>> >>>> The caveat is that I can't match certain things like, for example >>>> "\.net|\.org". How do I create a regex with negation for SEC? Thank >>>> you. >>>> >>>> James >>>> >>>> ------------------------------------------------------------------------------ >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> _______________________________________________ >>>> Simple-evcorr-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users >>>> >>> >>> -- >>> Todd M. Hall >>> Sr. Network Analyst >>> Information Technology Services >>> Mississippi State University >>> [email protected] >>> 662-325-9311 (phone) >>> >>> ------------------------------------------------------------------------------ >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> _______________________________________________ >>> Simple-evcorr-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users >> > > -- > Todd M. Hall > Sr. Network Analyst > Information Technology Services > Mississippi State University > [email protected] > 662-325-9311 (phone) > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Simple-evcorr-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
