[Bro] Is there a regex that can be used to match the uids in the logs?
Seth Hall
seth at icir.org
Thu May 22 07:28:40 PDT 2014
On May 21, 2014, at 7:58 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> egrep -o '[0-9a-zA-Z]{18}'
I don't think there is a requirement that UIDs are 18 characters long. I believe it depends on the number being represented underneath. Although, now with 96bit uids it is less likely to have shorter uids but I think it's still possible.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140522/2ee347dc/attachment.bin
More information about the Bro
mailing list