[Bro-Dev] #976: regex change in syslog-analyzer.pac
Bro Tracker
bro at tracker.bro.org
Tue Apr 2 14:10:43 PDT 2013
#976: regex change in syslog-analyzer.pac
------------------------+--------------------
 Reporter:  aashish     |       Type:  Patch
   Status:  new         |   Priority:  Medium
Milestone:  Bro2.2      |  Component:  Bro
  Version:  git/master  |   Keywords:
------------------------+--------------------
Changing {{{[[:digit:]] to [[:alnum:]]}}} allows capturing Windows logs
via the syslog analyzer, specifically when logs are forwarded via Snare.
I can provide a trace, if desired. I tested this change locally and it seems
to be working just fine.
{{{
diff --git a/src/syslog-protocol.pac b/src/syslog-protocol.pac
index a2bf8a3..bc6d931 100644
--- a/src/syslog-protocol.pac
+++ b/src/syslog-protocol.pac
@@ -5,7 +5,7 @@ type Syslog_Message = record {
type Syslog_Priority = record {
lt : uint8 &check(lt == "<");
- val : RE/[[:digit:]]+/;
+ val : RE/[[:alnum:]]+/;
gt : uint8 &check(gt == ">");
} &let {
val_length: int = sizeof(val) - 1;
}}}
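Review bot: On the `+ val : RE/[[:alnum:]]+/;` line, the PRI field now accepts any run of letters and digits, although the syslog PRI value is defined as a decimal number of one to three digits (RFC 3164, RFC 5424) from which facility and severity are derived. The hunk does not show how `val` is converted to a number, but `val_length` in the `&let` block suggests it is consumed by length, so that conversion should be checked against non-digit input, or the non-numeric case handled explicitly, before this is merged. If Snare emits one specific non-numeric form here, a narrower pattern that matches only that form alongside `[[:digit:]]+` would keep other malformed messages from being accepted as valid syslog, and a comment on the line naming the Snare case would explain why the field is no longer digits-only. The ticket title also names syslog-analyzer.pac while the diff changes src/syslog-protocol.pac; the title should match the file.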
--
Ticket URL: <http://tracker.bro.org/bro/ticket/976>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker