[Bro] Regular expression parenthesised groups
Nick Pratley
npratley at redhat.com
Tue Nov 4 21:02:38 PST 2014
Hi, is there a way to capture groups as part of a regular expression using parentheses in a Bro
script? For example, to extract the value of a query string variable in a URI - /foo=([^&]*)/ - I
just want the value in the parentheses.
If not I guess I can do this with the sub and split functions in a way similar to
http://stackoverflow.com/questions/10126956/capture-value-out-of-query-string-with-regex but I just
thought I'd ask.
Thanks,
--
Nick Pratley
Information Security, Red Hat, Inc.
+61 7 3514 8268
More information about the Bro
mailing list