[Bro] Bro regex documentation
Seth Hall
seth at icir.org
Thu Jan 20 12:23:59 PST 2011
On Jan 20, 2011, at 2:37 PM, sridhar basam wrote:
> Can anyone point me at documentation on Bro's builtin string/pattern functions?
The regular expressions are most similar to flex's regular expressions (with minor differences), but you can typically assume that they are POSIX regular expressions.
> Does Bro support back-references?
No. I'll let Robin or Vern give more detail here if they want to; I'm definitely not qualified to explain all of the reasons that back-references aren't supported. :)
> I am trying to look for specific patterns in a tcp stream and need to be able to log out said patterns to a file.
Why don't the string splitting functions (defined in strings.bif) work for your scenario?
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/