Changeset 47 for sample/hadoop-0.16/tw/org/nchc/code/SnortParser.java
- Timestamp:
- Aug 8, 2008, 4:37:54 PM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sample/hadoop-0.16/tw/org/nchc/code/SnortParser.java
r45 r47 55 55 case 4: 56 56 patten_line = Pattern 57 .compile("^([^ ]*) TTL:([^ ]*) TOS:([^ ]*) ID:([^ ]*) IpLen:([^ ]*) DgmLen:([^ ]*)$"); 57 .compile("^([^ ]*) [^$]*$"); 58 // .compile("^([^ ]*) TTL:([^ ]*) TOS:([^ ]*) ID:([^ ]*) IpLen:([^ ]*) DgmLen:([^ ]*)$"); 59 58 60 break; 59 61 default: … … 69 71 this.logData += (data[j] + ";"); 70 72 } 71 73 }else if(i ==1 ){ 74 this.logData += "0;0;0;parse error;"; 75 }else if(i == 2){ 76 this.logData += "Port Scan;3;"; 77 }else if(i == 3){ 78 this.logData += "01;01;00;00;00;error;error;"; 79 }else if(i == 4){ 80 this.logData += "0;"; 81 }else{ 82 this.logData = "*FatalError*"; 72 83 } 73 84 … … 83 94 if (line == null) { 84 95 break; 85 } else if(line.isEmpty()){96 } else if (line.isEmpty()) { 86 97 fw.write(this.logData.toString() + "\n"); 87 98 this.logData = ""; 88 count = 0; 89 } else if (count < 4) {99 count = 0; 100 } else if (count < 4) { 90 101 // System.out.println(line); 91 102 snortParser(line, count + 1); … … 100 111 } 101 112 113 // 需搞定icmp ping 的格式問題 102 114 public static void main(String[] args) throws ParseException, Exception { 103 String in = new String("/home/waue/Desktop/alert_ m");104 String ou = new String("/ tmp/alert_SnortBase");115 String in = new String("/home/waue/Desktop/alert_flex.txt"); 116 String ou = new String("/home/waue/Desktop/alert_flex_parsed.txt"); 105 117 SnortParser a = new SnortParser(in, ou); 106 118 a.parseToLine();
Note: See TracChangeset
for help on using the changeset viewer.
