[Bro] Regular expression parenthesised groups

Nick Pratley npratley at redhat.com
Tue Nov 4 21:02:38 PST 2014

Hi, is there a way to capture groups as part of a regular expression using parentheses in a Bro
script? For example, to extract the value of a query string variable in a URI - /foo=([^&]*)/ - I
just want the value in the parentheses.

If not I guess I can do this with the sub and split functions in a way similar to
http://stackoverflow.com/questions/10126956/capture-value-out-of-query-string-with-regex but I just
thought I'd ask.


Nick Pratley
Information Security, Red Hat, Inc.
+61 7 3514 8268

More information about the Bro mailing list