Re: [Simple-evcorr-users] Negation

Fri, 17 Mar 2017 09:14:18 -0700 

So ok...using regex101.com it looks like org still matches...should I 
just try and test using sec or does regex101.com mirror what sec would 
do?  Example:

(?<!\.net|\.org)\S+\.php\?id=[0-9A-Za-z]{8}


bleh://something[.]org/something/something.php?id=sj98sdf7s978sdf

and this still matches, again, according to regex101.  Might have to 
just give it a test.  Thanks again...VERY helpful!

James

On 2017-03-17 10:02, Todd M. Hall wrote:
> Let us know if it works or not so it'll be searchable for others later.
> Performance won't likely be a problem unless you have a busy SEC 
> process.
> 
> 
> On Fri, 17 Mar 2017, James Lay wrote:
> 
>> Date: Fri, 17 Mar 2017 10:47:00 -0500
>> From: James Lay <j...@slave-tothe-box.net>
>> To: simple-evcorr-users@lists.sourceforge.net
>> Subject: Re: [Simple-evcorr-users] Negation
>> 
>> Thanks Todd...I had the regex101.com link up and trying to learn about
>> lookahead/behind...it makes me head hurt.
>> 
>> James
>> 
>> On 2017-03-17 09:02, Todd M. Hall wrote:
>>> I've not verified if this works in SEC, but you could maybe do a
>>> negative
>>> lookahead/behind
>>> 
>>> \.php\?id=[0-9A-Za-z]{8}(?!\.net|\.org)
>>> 
>>> (?<!\.net|\.org)\S+\.php\?id=[0-9A-Za-z]{8}
>>> 
>>> There may be a bit of a performance hit with using these though.  
>>> Give
>>> them a
>>> try.
>>> 
>>> 
>>> On Thu, 16 Mar 2017, James Lay wrote:
>>> 
>>>> Date: Thu, 16 Mar 2017 17:42:25 -0500
>>>> From: James Lay <j...@slave-tothe-box.net>
>>>> To: Simple Event Corralator
>>>> <simple-evcorr-users@lists.sourceforge.net>
>>>> Subject: [Simple-evcorr-users] Negation
>>>> 
>>>> Hey all,
>>>> 
>>>> So I'm trying to create a rule to match this pattern:
>>>> 
>>>> "\.php\?id=[0-9A-Za-z]{8}"
>>>> 
>>>> The caveat is that I can't match certain things like, for example
>>>> "\.net|\.org".  How do I create a regex with negation for SEC?  
>>>> Thank
>>>> you.
>>>> 
>>>> James
>>>> 
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Simple-evcorr-users mailing list
>>>> Simple-evcorr-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>>> 
>>> 
>>> --
>>> Todd M. Hall
>>> Sr. Network Analyst
>>> Information Technology Services
>>> Mississippi State University
>>> t...@msstate.edu
>>> 662-325-9311 (phone)
>>> 
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Simple-evcorr-users mailing list
>>> Simple-evcorr-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>> 
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>> 
> 
> --
> Todd M. Hall
> Sr. Network Analyst
> Information Technology Services
> Mississippi State University
> t...@msstate.edu
> 662-325-9311 (phone)
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to