Hi all,
I'm new to regex.
What I'm trying to do is to match a few keywords and take them as a variable.
For example:
I have a sample log:
Code:
192.168.0.13|<131>Nov 22 06:15:36 ubuntu apache-errors: [Fri Nov 22 06:15:33 2013] [error] [client 192.168.0.111] ModSecurity: Warning. Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:name. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "148"] [id "958052"] [rev "2.2.5"] [msg "Cross-site Scripting (XSS) Attack"] [data "alert("] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "192.168.0.13"] [uri "/dvwa/vulnerabilities/xss_r/"] [unique_id "Uo9nBX8AAQEAAASiAh8AAAAA"]
Is it possible to match a pattern [msg "Cross-site Scripting (XSS) Attack"] AND [severity "CRITICAL"]?
And output a new line to the file - "Attack type - Cross-site Scripting, Severity - Critical."
Thanks
Kindly share if you have a good regex tutorial for beginners.
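
One way to do what the post asks, as an added example that is not part of the original post: parse every [key "value"] pair of the ModSecurity line into a dictionary, so msg and severity are found regardless of their order, then build the summary line. The names SAMPLE, FIELD, parse_fields, summarize and write_summaries, and the rule used to shorten msg, are assumptions made for this example.

```python
import re

# Constructed sample: the log line from the post, cut down to the fields used here.
SAMPLE = (
    r'192.168.0.13|<131>Nov 22 06:15:36 ubuntu apache-errors: '
    r'[Fri Nov 22 06:15:33 2013] [error] [client 192.168.0.111] '
    r'ModSecurity: Warning. Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:name. '
    r'[id "958052"] [msg "Cross-site Scripting (XSS) Attack"] [data "alert("] '
    r'[severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [tag "OWASP_TOP_10/A2"] '
    r'[uri "/dvwa/vulnerabilities/xss_r/"]'
)

# One [key "value"] pair; the value may contain backslash-escaped characters.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_fields(line):
    """Collect every [key "value"] pair; keys such as tag repeat, so keep lists."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, []).append(value)
    return fields

def summarize(line, severity=None):
    """Return the summary line, or None unless msg AND severity are both present."""
    if "ModSecurity:" not in line:
        return None
    fields = parse_fields(line)
    if "msg" not in fields or "severity" not in fields:
        return None
    sev = fields["severity"][0]
    if severity is not None and sev != severity:
        return None
    # Assumption: shorten msg as the post's wanted output does, dropping a
    # parenthesised abbreviation such as "(XSS)" and a trailing "Attack".
    attack = re.sub(r'\s*\([^)]*\)|\s+Attack$', '', fields["msg"][0])
    return f"Attack type - {attack}, Severity - {sev.capitalize()}."

def write_summaries(lines, out):
    """Write one summary line to `out` per matching log line; return the count."""
    count = 0
    for line in lines:
        summary = summarize(line)
        if summary:
            out.write(summary + "\n")
            count += 1
    return count

if __name__ == "__main__":
    import sys
    write_summaries([SAMPLE], sys.stdout)
```

Passing an open file instead of sys.stdout appends the summary lines to that file; summarize(line, severity="CRITICAL") keeps only critical alerts.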