#1 rock123star

regular expression

Posted 24 September 2014 - 12:21 PM

How do I create a regular expression for this?

type=SYSCALL msg=<message id> arch=<arch id> syscall=<syscall #> success=<success> exit=<exit code> a0=<arg 0> a1=<arg 1> a2=<arg 2> a3=<arg 3> items=<item count> ppid=<ppid #> pid=<pid #> auid=<auid #> uid=<uid #> gid=<gid #> euid=<euid #> suid=<suid #> fsuid=<fsuid #> egid=<egid #> sgid=<sgid #> fsgid=<fsgid #> tty=<tty id> ses=<session id> comm=<command name> exe=<exe path> subj=<SELinux context> key=<key id>

The key attributes are type=SYSCALL, success and exe path. The rest I don't have to worry about.

I have this so far.

/(^|\v)([\w\s]*\w)\s*:(?:[\d*])?\s*(['"])?([^']*)\2/

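One way to pull type, success and exe out of a record in the layout quoted above, as an added example that is not part of the original post: split the line into key=value tokens with one small regular expression, then pick the three fields by name so the match does not depend on field order. Python is used here, the sample lines are constructed, and the example assumes the usual audit log conventions: msg=audit(timestamp:serial):, and an exe value that is either double-quoted or, when the path contains a space, unquoted and hex-encoded.

```python
import re

# One key=value token starting at a word boundary; the value is either a
# double-quoted string or a run of non-space characters.
FIELD = re.compile(r'(?<!\S)(\w+)=("[^"]*"|\S+)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def decode(value):
    """Turn an audit string value (quoted, or hex-encoded when unquoted) into text."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    if HEX.fullmatch(value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value  # anything else, e.g. (null), is returned unchanged

def parse_syscall(line):
    """Return {'success': bool or None, 'exe': str or None} for a SYSCALL record, else None."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the first occurrence of each key
    if fields.get("type") != "SYSCALL":
        return None
    exe = fields.get("exe")
    return {
        "success": {"yes": True, "no": False}.get(fields.get("success")),
        "exe": decode(exe) if exe is not None else None,
    }

# Constructed sample records (not taken from the original post).
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1411575660.123:456): arch=c000003e syscall=59 '
    'success=yes exit=0 a0=7f1 a1=7f2 a2=7f3 a3=0 items=2 ppid=1000 pid=1001 '
    'auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 '
    'ses=1 comm="cat" exe="/usr/bin/cat" subj=unconfined_u:unconfined_r:unconfined_t:s0 key="watch"',
    # exe is hex-encoded here because the path "/tmp/my tool" contains a space
    'type=SYSCALL msg=audit(1411575661.001:457): arch=c000003e syscall=2 '
    'success=no exit=-13 a0=7f1 a1=0 a2=0 a3=0 items=1 ppid=1000 pid=1002 '
    'auid=500 uid=500 gid=500 tty=pts0 ses=1 comm="tool" '
    'exe=2F746D702F6D7920746F6F6C key=(null)',
    'type=PATH msg=audit(1411575661.001:457): item=0 name="/etc/shadow" inode=1234',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_syscall(line))
```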