Changes between Version 55 and Version 56 of waue
Timestamp: Jul 15, 2008, 3:42:56 PM (16 years ago)
waue
v55 v56 11 11 12 12 * 正規表示法: 13 {{{ 13 14 [] 來搜尋集合字元: 't[ae]st' 14 15 不想要 oo 前面有 g: '[^g]oo' … … 19 20 行尾結束為小數點 (.) 的那一行 : '\.$' 20 21 ^ 符號,在 [] 內代表『反向選擇』,在 [] 之外則代表定位在行首的意義! 22 }}} 23 * snort log 範例 : 24 > [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**] 25 > [Classification: Detection of a non-standard protocol or event] [Priority: 2] 26 > 07/08-14:58:56.295033 140.110.138.253 -> 224.0.0.13 27 > PIM TTL:1 TOS:0xC0 ID:11423 IpLen:20 DgmLen:54 28 > [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0567][Xref => http://www.securityfocus.com/bid/8211] 29 ----------- 21 30 22 > [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**] 31 > [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**] 23 32 24 {{{ 25 ^\[\**\] \[([1-9]*):([1-9]*):([1-9]*)\] ([^[]*) 26 }}} 33 正規表示式: 27 34 35 '''^\[\**\] \[([1-9]*):([1-9]*):([1-9]*)\] ([^[]*)''' 36 37 結果: 28 38 || 1 || [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM || 29 39 || 2 || 1 ||
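Review bot: in the pattern added at v56 line 35, ^\[\**\] \[([1-9]*):([1-9]*):([1-9]*)\] ([^[]*), the three numeric fields use [1-9]*, which matches the sample header [1:2189:3] only because none of its digits is 0; an alert whose generator id, signature id or revision contains a 0 will not match and will be dropped from the parsed results without any error. Use [0-9]+ for each field, which also rejects empty fields, and write the marker as \*\* rather than \** so that exactly two asterisks are required. The last group ([^[]*) also captures the space before the closing [**], so trim it or anchor the end of the pattern on the closing marker. Separately, the pattern was moved out of the {{{ }}} block (v55 lines 24-26) into ''' bold markup; keeping it in the preformatted block would guarantee that the wiki renderer shows the brackets and asterisks verbatim.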