Many thanks for your fast reply, John. I just wanted to be sure that I was not missing a special option; I will keep using grep for the task. Many thanks for your assistance and guidance.
On Sat, Nov 25, 2017 at 4:53 PM, John Davison <[email protected]> wrote:
> The yara command line tool does not support this feature. Using the -s
> option will give you the position of each match (in hex), which you could
> use to go back and figure out what part of the file to extract to display.
> However, what you're trying to achieve can be much more easily accomplished
> using the standard gnu grep tool. Yara is a binary scanning tool. It has
> no understanding of "lines", but grep does.
>
> On Sat, Nov 25, 2017 at 10:10 AM, mikael vingaard <[email protected]> wrote:
>
>> Hello group, I have a question that neither Google nor reading the docs can
>> help me with;
>>
>> I would like to use Yara to search through a log-file - e.g.
>> (the content of the file) aka. cat testfile.txt
>>
>> #Time,IP,Command
>> 20170909,1.2.2.2,special_command
>>
>> My yara rule will search for "special_command" (as a normal ascii_string)
>> - my test output with the -s option would be something like;
>>
>> 0x6a3:$ascii_string: special_command
>>
>> However I would like to "see" the 'whole' matching log-line (aka
>> 20170909,1.2.2.2,special_command), something like;
>> 0x6a3:$ascii_string:20170909,1.2.2.2,special_command
>>
>> Would this be possible with YARA? (Currently I am using standard regex,
>> but for performance reasons I would much like to use YARA, if possible.)
>> NB: there can be 100's of matches in the same logfile.
>>
>> Many thanks for any hints/assistance in this matter, Mikael
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "YARA" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> John W. Davison
> [email protected]
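One way to do what John describes, mapping the hex offsets from `yara -s` back to the whole log line, as an added example that is not part of the thread (the sample log and the stand-in for the yara output are constructed here; the `0x<offset>:$id: <data>` line format is the one Mikael quoted):

```python
import re
from typing import List, Tuple

# One string-match line of `yara -s` output, e.g. "0x6a3:$ascii_string: special_command"
MATCH_LINE = re.compile(r"^0x([0-9a-fA-F]+):(\$\w+): ?(.*)$")


def parse_yara_matches(yara_output: str) -> List[Tuple[int, str]]:
    """Return (byte offset, string identifier) for every match line.
    Lines that are not string matches (e.g. the "rule_name file" line) are skipped."""
    matches = []
    for line in yara_output.splitlines():
        m = MATCH_LINE.match(line)
        if m:
            matches.append((int(m.group(1), 16), m.group(2)))
    return matches


def line_at_offset(data: bytes, offset: int) -> bytes:
    """Return the whole line (without its newline) that contains byte `offset`.
    YARA only knows offsets, so line boundaries are recovered by scanning for '\\n'."""
    start = data.rfind(b"\n", 0, offset) + 1   # rfind gives -1 when no newline before
    end = data.find(b"\n", offset)
    if end == -1:                               # last line without trailing newline
        end = len(data)
    return data[start:end]


def expand_matches(data: bytes, yara_output: str) -> List[str]:
    """Rewrite each match as "0x<offset>:$id:<whole log line>"."""
    out = []
    for offset, ident in parse_yara_matches(yara_output):
        line = line_at_offset(data, offset).decode("utf-8", errors="replace")
        out.append(f"0x{offset:x}:{ident}:{line}")
    return out


# Constructed sample log in the format from Mikael's mail (two extra lines added).
SAMPLE_LOG = (b"#Time,IP,Command\n"
              b"20170909,1.2.2.2,special_command\n"
              b"20170910,3.4.4.4,other_command\n"
              b"20170911,5.6.6.6,special_command\n")

# Constructed stand-in for `yara -s` output: one line per occurrence of the string.
SAMPLE_YARA_OUTPUT = "\n".join(
    f"0x{m.start():x}:$ascii_string: special_command"
    for m in re.finditer(b"special_command", SAMPLE_LOG))

if __name__ == "__main__":
    for entry in expand_matches(SAMPLE_LOG, SAMPLE_YARA_OUTPUT):
        print(entry)
```

In practice `data` is the log file read in binary mode and `yara_output` is captured from `yara -s rule.yar testfile.txt`; this only avoids grep when the offsets are already needed for something else.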
