awk programming question
RW
rwmaillists at googlemail.com
Thu Jan 23 21:33:56 UTC 2014
On Thu, 23 Jan 2014 13:57:03 -0700 (MST)
Warren Block wrote:
> On Thu, 23 Jan 2014, dteske at FreeBSD.org wrote:
>
> >> From: RW [mailto:rwmaillists at googlemail.com]
> >> Note that awk supports +, but not newfangled things like *.
> >
> > With respect to regex, what awk really needs is the quantifier
> > syntax...
> >
> > * = {0,} = zero or more
> > + = {1,} = one or more
> > {x,y} = any quantity from x inclusively up to y
> > {x,} = any quantity from x or more
>
> I think RW meant to type that awk did not have the newfangled "?" for
> non-greedy matches.
No, I meant it doesn't support *, which had been used in all the
previous awk examples in this thread, and would have been
interpreted as a literal "*".
$ echo "sid:2008120; re" | awk ' {match($0,/[0-9]+/) ; \
s=substr($0,RSTART,RLENGTH) ; print "_",s,"_"} '
_ 2008120 _
21:12 (bob) ~
$ echo "sid:2008120; re" | awk ' {match($0,/[0-9]*/) ; \
s=substr($0,RSTART,RLENGTH) ; print "_",s,"_"} '
_ _
On Thu, 23 Jan 2014 12:20:26 -0800
dteske at FreeBSD.org wrote:
> 1. sig-msg.map file according to OP shouldn't have the quotes that are
> present from the snort rule input
> 2. Doesn't ignore lines of disinterest
I know nothing about snort - I was just going on the previous posts,
but FWIW removing the quotes is just a matter of changing:
msg = substr($0,RSTART+4, RLENGTH-5)
to
msg = substr($0,RSTART+5, RLENGTH-6)
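
An added example, not part of the original message or the thread's script: a self-contained sketch of the sid/msg extraction discussed above, using the RSTART+5 / RLENGTH-6 offsets to drop the quotes and skipping lines that are not rules. The sample rules, the `msg:"[^"]*"` pattern, the `sid || msg` output layout and the function names are assumptions; the last two calls print RSTART and RLENGTH for the two patterns shown in the message so the result of each match() call is visible.

```shell
#!/bin/sh
# Added example. The rules below are constructed sample input, and the msg
# pattern is an assumption: the thread's original regex is not on the page.

# Constructed Snort-style input: a comment, two rules, and a blank line.
sample_rules() {
cat <<'EOF'
# local test rules
alert tcp any any -> any 80 (msg:"TEST web probe"; sid:2008120; rev:3;)

alert udp any any -> any 53 (msg:"TEST dns probe"; rev:1; sid:2008121;)
EOF
}

# Emit "sid || msg" for each rule; skip lines that lack either field.
rules_to_map() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    {
        if (!match($0, /sid:[0-9]+/)) next         # needs at least one digit
        sid = substr($0, RSTART + 4, RLENGTH - 4)  # drop the leading "sid:"
        if (!match($0, /msg:"[^"]*"/)) next
        msg = substr($0, RSTART + 5, RLENGTH - 6)  # drop msg:" and closing quote
        print sid " || " msg
    }'
}

# Print "RSTART RLENGTH" for pattern $2 matched against string $1.
match_span() {
    echo "$1" | awk -v re="$2" '{ match($0, re); print RSTART, RLENGTH }'
}

sample_rules | rules_to_map
match_span "sid:2008120; re" '[0-9]+'
match_span "sid:2008120; re" '[0-9]*'
```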