more work and begin work on the bin bit
This commit is contained in:
parent
3bc667aa7f
commit
3bd1b1c936
7
MANIFEST
7
MANIFEST
|
@ -4,16 +4,19 @@ lib/Regexp/F2B/INI.pm
|
|||
Makefile.PL
|
||||
MANIFEST This list of files
|
||||
README.md
|
||||
src_bin/regexp-f2b
|
||||
bin/.exists
|
||||
t/00-load.t
|
||||
t/01-load.t
|
||||
t/creation_from_file.t
|
||||
t/creation.t
|
||||
t/filter.d
|
||||
t/creation_from_file.t
|
||||
t/filter.d/common.conf
|
||||
t/filter.d/fast-log-attack-src.conf
|
||||
t/filter.d/sshd.conf
|
||||
t/ini.t
|
||||
t/manifest.t
|
||||
t/pod-coverage.t
|
||||
t/pod.t
|
||||
t/proc_lines.t
|
||||
t/regexp.t
|
||||
|
||||
|
|
|
@ -169,11 +169,11 @@ sub new {
|
|||
}
|
||||
|
||||
# process any /F-[A-Za-z0-9\_\-]+/ items
|
||||
if ( $self->{regexp}[$int] =~ /\<F\-[A-Za-z0-9\_\-]+\>/ ) {
|
||||
$self->{regexp}[$int] =~ s/\<F\-([A-Za-z0-9\_\-]+)\>/(?<F$1>/g;
|
||||
if ( $self->{regexp}[$int] =~ /\<F\-[A-Za-z0-9\_]+\>/ ) {
|
||||
$self->{regexp}[$int] =~ s/\<F\-([A-Za-z0-9\_]+)\>/(?<F$1>/g;
|
||||
}
|
||||
if ( $self->{regexp}[$int] =~ /\<F\-[A-Za-z0-9\_\-]+\>/ ) {
|
||||
$self->{regexp}[$int] =~ s/\<\/F\-[A-Za-z0-9\_\-]+\>/)/g;
|
||||
if ( $self->{regexp}[$int] =~ /\<\/F\-[A-Za-z0-9\_]+\>/ ) {
|
||||
$self->{regexp}[$int] =~ s/\<\/F\-[A-Za-z0-9\_]+\>/)/g;
|
||||
}
|
||||
|
||||
# add ^ and $ bits as needed
|
||||
|
@ -590,8 +590,15 @@ sub proc_line {
|
|||
my $regexp = $self->{regexp}[$int];
|
||||
if ( $joined =~ /$regexp/ ) {
|
||||
foreach my $key ( keys(%+) ) {
|
||||
my $val=$+{$key};
|
||||
$not_found = 0;
|
||||
$found->{$key} = $+{$key};
|
||||
if ($key=~/^F/) {
|
||||
my $new_key=$key;
|
||||
$new_key=~s/^F/F-/;
|
||||
$found->{$new_key} = $val;
|
||||
}else {
|
||||
$found->{$key} = $val;
|
||||
}
|
||||
}
|
||||
$not_found = 0;
|
||||
$found->{found} = 1;
|
||||
|
|
|
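Review bot: In proc_line the test `if ($key=~/^F/)` renames every named capture whose name starts with F, so a group the caller wrote directly, such as `(?<Foo>…)`, is reported as `F-oo` exactly like a rewritten `<F-…>` tag; the earlier hunk of this file (new, line 169) emits `(?<F$1>`, and a marker that cannot collide with an ordinary group name, e.g. `(?<F__$1>` there with `$new_key =~ s/^F__/F-/` here and the `if` testing `/^F__/`, would make the round trip unambiguous. The `$not_found = 0;` inside the loop repeats the one that follows the loop and can be dropped. The reason for the rename is not recorded; a one-line comment above the `if`, `# <F-NAME> tags become (?<FNAME>) in new(), since a group name cannot hold '-': restore the hyphen here`, would state it. proc_line begins and ends outside the hunk.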
@ -0,0 +1,2 @@
|
|||
#!perl
|
||||
|
32
t/regexp.t
32
t/regexp.t
|
@ -275,4 +275,36 @@ eval {
|
|||
};
|
||||
ok( $worked eq '1', 'pre_regex test' ) or diag( "matching with pre_regexp failed in some manner... " . $@ );
|
||||
|
||||
# make sure it will match F- items
|
||||
$worked = 0;
|
||||
$tests_ran++;
|
||||
eval {
|
||||
$object = Regexp::F2B->new(
|
||||
pre_regexp =>
|
||||
['^\d\d\d\d\-\d\d\-\d\dT\d\d\:\d\d:\d\d\ <F-MLFID>\w\w*\[\d\d*\]</F-MLFID>\: <F-CONTENT>.*</F-CONTENT>$'],
|
||||
regexp => ['auth failed src: <HOST>, dst:<F-DEST>..*</F-DEST>$']
|
||||
);
|
||||
my $line = '2022-09-11T05:03:11 sshd[1234]: auth failed src: ::1, dst:5.6.7.8';
|
||||
my $matched;
|
||||
eval { $matched = $object->proc_line($line); };
|
||||
if ($@) {
|
||||
die(
|
||||
'$object->proc_line($line) died... line=' . Dumper($line) . "\nobject=" . Dumper($object) . "\n\$@=" . $@ );
|
||||
}
|
||||
if ( $matched->{HOST} ne '::1' ) {
|
||||
die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
|
||||
}
|
||||
if ( $matched->{'F-MLFID'} ne 'sshd[1234]' ) {
|
||||
die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
|
||||
}
|
||||
if ( $matched->{'F-CONTENT'} ne 'auth failed src: ::1, dst:5.6.7.8' ) {
|
||||
die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
|
||||
}
|
||||
if ( $matched->{'F-DEST'} ne '5.6.7.8' ) {
|
||||
die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
|
||||
}
|
||||
$worked = 1;
|
||||
};
|
||||
ok( $worked eq '1', 'regex F test' ) or diag( "matching with some F- items failed in some manner... " . $@ );
|
||||
|
||||
done_testing($tests_ran);
|
||||
|
|
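Review bot: The four `if ( $matched->{…} ne … ) { die(…) }` checks inside the eval hide which value was wrong behind a Dumper of the whole object; `is( $matched->{HOST}, '::1', 'F test: HOST' )` and the same for `F-MLFID`, `F-CONTENT` and `F-DEST` would report got/expected directly and count as tests on their own, leaving the eval to guard only the constructor and the proc_line call. The case does not cover a caller-written named group whose name begins with F, which proc_line currently renames as if it were an `<F-…>` tag; a regexp containing `(?<Foo>…)` and an assertion on the resulting key would pin that behaviour one way or the other. `$object` and `$worked` are assigned without `my` here, so they are presumably declared earlier in the file.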