[Tutor] Parsing iptables log files [regular expressions]
Danny Yoo
dyoo@hkn.eecs.berkeley.edu
Tue, 3 Sep 2002 10:28:40 -0700 (PDT)
On Tue, 3 Sep 2002, Sean 'Shaleh' Perry wrote:
> On Tuesday 03 September 2002 08:43, Amaya Rodrigo Sastre wrote:
> >
> > And it's still Tuesday ;-)
> >
> > Thanks for your time...
>
> Another suggestion:
>
> Why not extend your regex slightly instead of using both a regex and split?
>
> match_pat = re.compile(r'(SRC=[0-9.]+)[\t ](DST=[0-9.]+)[\t ](.*TCP|UDP)[\t
> ](SPT=[0-9]+)[\t ](DPT=[0-9]+)[\t ](SEQ=[0-9]+)[\t ](ACK=[0-9]+)')
Hi Amaya,
By the way, Python and Perl both support a "verbose" form of regular
expressions that might help make your regular expression a little easier
to look at. In Python, we can turn on verbosity by sending in the
re.VERBOSE flag when we prepare the regular expression:
###
match_pat = re.compile(r'''(SRC=[0-9.]+)
[\t ]
(DST=[0-9.]+)
[\t ]
(.*TCP|UDP)
[\t ]
(SPT=[0-9]+)
[\t ]
(DPT=[0-9]+)
[\t ]
(SEQ=[0-9]+)
[\t ]
(ACK=[0-9]+)''', re.VERBOSE)
###
It doesn't directly fix your program, but it may make it easier to debug
or improve your regular expression in the future.
Good luck!