[Bro] Patterns and Word Boundaries

Samuel Oehlert soehlert at es.net
Thu Oct 22 09:03:45 PDT 2015


I know Bro's regex syntax is almost exactly the same as Flex (only
differing in some very edge cases). I am not positive, but from a cursory
Google it seems Flex doesn't understand word boundaries.

-Sam

On Thu, Oct 22, 2015 at 8:05 AM, Lloyd Brown <lloyd_brown at byu.edu> wrote:

> Hopefully this isn't too simplistic of a question, but I'm just getting
> started with Bro.
>
> In the text pattern syntax for Bro [1], is there an easy way to define
> word boundaries, similar to how some of the RegEx dialects use '\b',
> '\<', '\>', etc.? [2]
>
> I'm trying to match for specific strings in a data stream.  For example,
> the word "nmap".  I'm trying several approaches, based on past RegEx
> knowledge, and I'm having trouble coming up with a single pattern that
> would handle it all.  Example bro test script attached; hopefully it's
> clear.
>
> Fundamentally, is there a syntax reference for pattern matching, or does
> it conform to a commonly known dialect (e.g. POSIX-style RegEx, or PCRE
> RegEx)?
>
>
> [1] https://www.bro.org/sphinx/scripting/index.html#pattern
> [2] http://www.regular-expressions.info/wordboundaries.html
>
> --
> Lloyd Brown
> Systems Administrator
> Fulton Supercomputing Lab
> Brigham Young University
> http://marylou.byu.edu
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
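
An added example, not part of the mailing-list thread: one way to get whole-word matching for a string such as "nmap" in a pattern dialect that has no `\b`, using only literal characters and negated bracket expressions (constructs Flex also has). Python is used here so the logic can be run; the helper names and sample lines are constructed for illustration.

```python
import re

# The characters \b treats as "word" characters, spelled out as a bracket
# expression body so the pattern needs no \b, \<, \> or lookaround support.
WORD_CHARS = "A-Za-z0-9_"


def word_pattern(word):
    """Return a whole-word pattern: non-word char, the word, non-word char."""
    return "[^%s]%s[^%s]" % (WORD_CHARS, re.escape(word), WORD_CHARS)


def contains_word(text, word):
    """True if `word` occurs in `text` delimited by non-word characters.

    The subject is padded with one space on each side, so a word at the very
    start or end of the data still has a neighbour for the bracket expression
    to match. That removes the need for ^ and $ anchors inside the pattern.
    """
    return re.search(word_pattern(word), " " + text + " ") is not None


def matching_lines(lines, word):
    """Return the lines that contain `word` as a whole word."""
    return [line for line in lines if contains_word(line, word)]


# Constructed sample data, not taken from any real capture.
SAMPLE_LINES = [
    "nmap",                      # word is the entire string
    "path=/usr/bin/nmap",        # word at the end, preceded by '/'
    "cmd=nmap&arg=1",            # delimited by '=' and '&'
    "unmapped memory region",    # substring only: must not match
    "nmap_results.txt",          # '_' is a word character, as with \b
    "GET /index.html HTTP/1.1",  # unrelated line
]

if __name__ == "__main__":
    print(word_pattern("nmap"))
    for line in matching_lines(SAMPLE_LINES, "nmap"):
        print("match:", line)
```

The match is case-sensitive, so "Nmap" is not reported by this pattern.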