Re: [ossec-list] Decoding CEF log formats

2012-05-10 Thread dan (ddp)
On Sat, May 5, 2012 at 3:53 PM, carlopmart carlopm...@gmail.com wrote:
 On 05/05/2012 09:13 PM, dan (ddp) wrote:

 \p?
 Otherwise, provide a sample please.

 On May 4, 2012 4:18 PM, carlopmart carlopm...@gmail.com wrote:

    Hi all,

      I am trying to write a new decoder to process CEF log formats, but
    I have a problem escaping '|'. For example:

    <regex offset="after_prematch">^\d\|\d+\|</regex>


      doesn't work ... How can I escape the '|' special character??

    Thanks.
    --
    CL Martinez
    carlopmart {at} gmail {d0t} com


 \p?? According to http://www.ossec.net/doc/syntax/regex.html, \p only
 escapes ()*+,-.:;=?[], but not |



Ok, apologies. I wasn't sure so I threw the ? in there.

 --
 CL Martinez
 carlopmart {at} gmail {d0t} com


Re: [ossec-list] Decoding CEF log formats

2012-05-05 Thread dan (ddp)
\p?
Otherwise, provide a sample please.
On May 4, 2012 4:18 PM, carlopmart carlopm...@gmail.com wrote:

 Hi all,

  I am trying to write a new decoder to process CEF log formats, but I have
 a problem escaping '|'. For example:

 <regex offset="after_prematch">^\d\|\d+\|</regex>

  doesn't work ... How can I escape the '|' special character??

 Thanks.
 --
 CL Martinez
 carlopmart {at} gmail {d0t} com



Re: [ossec-list] Decoding CEF log formats

2012-05-05 Thread carlopmart

On 05/05/2012 09:13 PM, dan (ddp) wrote:

\p?
Otherwise, provide a sample please.

On May 4, 2012 4:18 PM, carlopmart carlopm...@gmail.com wrote:

Hi all,

  I am trying to write a new decoder to process CEF log formats, but
I have a problem escaping '|'. For example:

<regex offset="after_prematch">^\d\|\d+\|</regex>

  doesn't work ... How can I escape the '|' special character??

Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com



\p?? According to http://www.ossec.net/doc/syntax/regex.html, \p only 
escapes ()*+,-.:;=?[], but not |


--
CL Martinez
carlopmart {at} gmail {d0t} com


[ossec-list] Decoding CEF log formats

2012-05-04 Thread carlopmart

Hi all,

 I am trying to write a new decoder to process CEF log formats, but I
have a problem escaping '|'. For example:


<regex offset="after_prematch">^\d\|\d+\|</regex>

 doesn't work ... How can I escape the '|' special character??

Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com