Yeah, this did the trick :)
Thanks a lot Sheran, now I'm able to get some sleep *smiling from one ear
to the other*
Greets, Chris
Sheran Gunasekera wrote:
>Hi Chris,
>Give this a go:
>(?P<timestamp>.{15}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)
>
>I'm not using either Snort or Prelude, but I tried this on Python and I
>think it
>yields the results you require. I wonder about only capturing the first 15
>characters for the timestamp, though. It comes up a bit short. As I am
>unsure
>of the context it is being used, I cannot comment, but I would capture
>at least
>19 characters:
>
>(?P<timestamp>.{19}).*?\>\s(?P<hostname>.*?)\s(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)
>
>Take care,
>Sheran
>
>
--
[email protected] mailing list
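As an added example (not part of the thread above), here is Sheran's pattern driven from Python over a few constructed log lines, so the named groups and his 15-versus-19-character timestamp remark can be seen side by side. The line layout assumed here (a 19-character timestamp, a bracketed tag ending in `>`, the hostname, then `process[pid]:` and the message) is my guess at what the regex expects; Chris's real input format is not shown in the thread. The `ts_len` parameter and the `parse_line` helper are mine, not from the original posts.

```python
import re

# Sheran's regex from the thread; the timestamp width is parameterised here
# (my addition) so the 15- and 19-character variants can be compared.
def build_pattern(ts_len: int) -> re.Pattern:
    return re.compile(
        r"(?P<timestamp>.{%d}).*?\>\s(?P<hostname>.*?)\s"
        r"(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?:)" % ts_len
    )


# Constructed sample lines (not real logs). The layout is an assumption:
# "<19-char timestamp> <tag> <hostname> <process>[<pid>]: <message>".
SAMPLE_LINES = [
    "2006-03-10 12:34:56 <13> fw01 sshd[1234]: Failed password for root from 10.0.0.5 port 4321 ssh2",
    "2006-03-10 12:34:57 <13> fw01 kernel: possible SYN flooding on port 80. Sending cookies.",
    "2006-03-10 12:34:58 <14> ids01 snort[987]: portscan detected from 10.0.0.7",
    "not a syslog line at all",
]


def parse_line(line: str, ts_len: int = 19):
    """Return the named fields as a dict, or None if the line does not match.

    The regex anchors at the start of the line (re.match), which rejects
    lines that do not begin with a full-width timestamp. The text after the
    trailing ':' is not part of Sheran's pattern, so it is sliced off as
    'message' using the match end offset.
    """
    m = build_pattern(ts_len).match(line)
    if m is None:
        return None
    fields = m.groupdict()
    # pid is optional in the pattern (kernel lines carry none); keep None then.
    fields["pid"] = int(fields["pid"]) if fields["pid"] is not None else None
    fields["message"] = line[m.end():].strip()
    return fields


def parse_lines(lines, ts_len: int = 19):
    """Parse many lines, returning (parsed records, count of rejected lines)."""
    parsed, rejected = [], 0
    for line in lines:
        rec = parse_line(line, ts_len)
        if rec is None:
            rejected += 1
        else:
            parsed.append(rec)
    return parsed, rejected


def timestamp_at_widths(line: str):
    """Show what .{15} and .{19} each capture for the same line."""
    return (parse_line(line, 15)["timestamp"], parse_line(line, 19)["timestamp"])


if __name__ == "__main__":
    records, bad = parse_lines(SAMPLE_LINES)
    for rec in records:
        print(rec)
    print("rejected:", bad)
    print("15 vs 19 chars:", timestamp_at_widths(SAMPLE_LINES[0]))
```

Two things worth keeping in mind when reusing this: `.{19}` accepts any 19 characters, so a line whose timestamp is a different width does not fail, it just shifts the capture (with `ts_len=15` the first sample yields `2006-03-10 12:3`, which is the truncation Sheran was pointing at); a classic BSD-syslog stamp such as `Mar 10 12:34:56` is exactly 15 characters, which is the one case where the shorter width is not short. And because `.*?\>` is lazy, the hostname is taken after the first `>` on the line, so a `>` appearing later in the message body does not disturb the parse.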