[Bro] Is there a regex that can be used to match the uids in the logs?

Seth Hall seth at icir.org
Thu May 22 07:28:40 PDT 2014

On May 21, 2014, at 7:58 PM, James Lay <jlay at slave-tothe-box.net> wrote:

> egrep -o '[0-9a-zA-Z]{18}'

I don't think there is a requirement that UIDs are 18 characters long.  I believe it depends on the number being represented underneath.  Although, now with 96bit uids it is less likely to have shorter uids but I think it's still possible.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140522/2ee347dc/attachment.bin 

More information about the Bro mailing list