[Bro] Is there a regex that can be used to match the uids in the logs?

Paul Halliday paul.halliday at gmail.com
Wed May 21 17:03:41 PDT 2014


This is probably really ghetto but bear with me..

I am prototyping something where I am parsing the results from an
elasticsearch query. I know what format my data is in but I want to be able
to add some functionality for those sources that may not be structured the
same way; for example no field names or different field indexes.

I want the regex so that I can do a replace (add a link to the uid) so the
user can quick query it.



On Wed, May 21, 2014 at 8:50 PM, anthony kasza <anthony.kasza at gmail.com> wrote:

> Is there a reason why you can't use the field separator and field name?
> On May 21, 2014 4:44 PM, "Paul Halliday" <paul.halliday at gmail.com> wrote:
>
>> Thanks.
>>
>> --
>> Paul Halliday
>> http://www.pintumbler.org/
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>


-- 
Paul Halliday
http://www.pintumbler.org/
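One way to do the replace described above, as an added example that is not code from this thread. It assumes Bro uids are 17- or 18-character base62 tokens whose first letter marks the type ('C' for conn uids, 'F' for file uids), which the thread does not state, and the query URL is a hypothetical placeholder. It prefers the structured uid field when one is present and falls back to the regex for sources with no field names or different field positions, escaping the line before linkifying so attacker-influenced log fields cannot inject markup:

```python
import html
import re

# Assumption, not from the thread: Bro uids are 17- or 18-character base62
# tokens whose first letter gives the type ('C' conn uids, 'F' file uids).
# The lookarounds keep the match from firing inside longer alphanumerics.
UID_RE = re.compile(r"(?<![A-Za-z0-9])([CF][A-Za-z0-9]{16,17})(?![A-Za-z0-9])")

# Hypothetical search endpoint that takes a uid as its query.
QUERY_URL = "https://search.example.invalid/search?q=uid:"


def find_uids(record) -> list:
    """Collect uids from an Elasticsearch hit (dict) or a raw log line (str).

    A dict with a string 'uid' field is trusted as-is (structured source);
    any other dict or a plain string is scanned with UID_RE, which covers
    sources with no field names or different field indexes.
    """
    if isinstance(record, dict):
        if isinstance(record.get("uid"), str):
            return [record["uid"]]
        text = "\t".join(v for v in record.values() if isinstance(v, str))
    else:
        text = str(record)
    seen = []
    for uid in UID_RE.findall(text):
        if uid not in seen:
            seen.append(uid)
    return seen


def linkify_uids(line: str, query_url: str = QUERY_URL) -> str:
    """Render a log line as HTML with each uid wrapped in a query link.

    The whole line is HTML-escaped before substitution, so URIs, user
    agents and hostnames taken from traffic cannot inject markup into the
    page; a uid is purely alphanumeric, so it is unchanged by escaping.
    """
    escaped = html.escape(line, quote=True)
    return UID_RE.sub(
        lambda m: f'<a href="{query_url}{m.group(1)}">{m.group(1)}</a>',
        escaped,
    )
```

Tighten the pattern to `C` only if you never need file uids, or keep the structured path as the only one on sources whose field names are known.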

