Changes between Version 55 and Version 56 of waue


Timestamp: Jul 15, 2008, 3:42:56 PM (16 years ago)
Author: waue
Comment:

--

  • waue

    v55 v56  
    1111
    1212 * 正規表示法:
     13{{{
    1314 [] 來搜尋集合字元: 't[ae]st'
    1415不想要 oo 前面有 g: '[^g]oo'
     
    1920行尾結束為小數點 (.) 的那一行 : '\.$'
    2021^ 符號,在 [] 內代表『反向選擇』,在 [] 之外則代表定位在行首的意義!
     22}}}
     23 * snort log 範例 :
     24> [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**]
     25> [Classification: Detection of a non-standard protocol or event] [Priority: 2]
     26> 07/08-14:58:56.295033 140.110.138.253 -> 224.0.0.13
     27> PIM TTL:1 TOS:0xC0 ID:11423 IpLen:20 DgmLen:54
     28> [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0567][Xref => http://www.securityfocus.com/bid/8211]
     29-----------
    2130
    22 > [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**]
     31> [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**] 
    2332
    24 {{{
    25 ^\[\**\] \[([1-9]*):([1-9]*):([1-9]*)\] ([^[]*)
    26 }}}
     33正規表示式:
    2734
     35'''^\[\**\] \[([1-9]*):([1-9]*):([1-9]*)\] ([^[]*)'''
     36
     37結果:
    2838 || 1 || [**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM ||
    2939 || 2 || 1 ||
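
Review bot: The three capture groups in the regex at v56 line 35 use `[1-9]*`, which excludes the digit 0, so a field such as 10 or 2100 in the `[1:2189:3]` position would stop the match, and `*` also lets a field be empty; `[0-9]+` accepts any numeric id and requires at least one digit. The leading `\[\**\]` accepts `[]` or any number of asterisks, while `\[\*\*\]` would pin it to the `[**]` marker the sample alert shows. In the results table, row 1 holds the whole matched text and row 2 holds the first captured field, so a short remark that row 1 is the full match would keep readers from misnumbering the captures.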