[Tutor] Parsing iptables log files [regular expressions]

Danny Yoo dyoo@hkn.eecs.berkeley.edu
Tue, 3 Sep 2002 10:28:40 -0700 (PDT)


On Tue, 3 Sep 2002, Sean 'Shaleh' Perry wrote:

> On Tuesday 03 September 2002 08:43, Amaya Rodrigo Sastre wrote:
> >
> > And it's still Tuesday ;-)
> >
> > Thanks for your time...
>
> Another suggestion:
>
> Why not extend your regex slightly instead of using both a regex and split?
>
> match_pat = re.compile(r'(SRC=[0-9.]+)[\t ](DST=[0-9.]+)[\t ](.*TCP|UDP)[\t ](SPT=[0-9]+)[\t ](DPT=[0-9]+)[\t ](SEQ=[0-9]+)[\t ](ACK=[0-9]+)')

Hi Amaya,


By the way, Python and Perl both support a "verbose" form of regular
expressions that might help make your regular expression a little easier
to look at.  In Python, we can turn on verbosity by sending in the
re.VERBOSE flag when we prepare the regular expression:

###
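import re

# With re.VERBOSE, whitespace outside [...] is ignored and '#' starts a comment.
match_pat = re.compile(r'''(SRC=[0-9.]+)   # source address
                           [\t ]           # one tab or space between fields
                           (DST=[0-9.]+)   # destination address
                           [\t ]
                           (.*TCP|UDP)     # any text ending in TCP, or the bare text UDP
                           [\t ]
                           (SPT=[0-9]+)    # source port
                           [\t ]
                           (DPT=[0-9]+)    # destination port
                           [\t ]
                           (SEQ=[0-9]+)    # TCP sequence number
                           [\t ]
                           (ACK=[0-9]+)''', re.VERBOSE)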
###

It doesn't directly fix your program, but it may make it easier to debug
or improve your regular expression in the future.

Good luck!
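
Added example, not part of the original message: the thread's pattern next to a verbose variant with named groups, run over two constructed log lines. The sample lines, LOG_PAT and parse() are assumptions made for illustration; the variant confines the TCP|UDP alternation to the protocol name and makes SEQ=/ACK= optional.

```python
import re

# Constructed sample lines in the usual iptables LOG layout (not from the thread).
# SEQ=/ACK= are only logged when the LOG rule uses --log-tcp-sequence.
SAMPLE_TCP = ("Sep  3 10:28:40 fw kernel: IN=eth0 OUT= MAC=00:00:00:00:00:00 "
              "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 "
              "ID=4321 DF PROTO=TCP SPT=40112 DPT=22 SEQ=123456 ACK=0 "
              "WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE_UDP = ("Sep  3 10:28:41 fw kernel: IN=eth0 OUT= "
              "SRC=192.0.2.11 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=52 "
              "ID=99 PROTO=UDP SPT=53000 DPT=53 LEN=58")

# The pattern from the thread, unchanged. Inside group 3 the '|' splits the
# whole group: it matches ".*TCP" or the bare text "UDP".
THREAD_PAT = re.compile(r'''(SRC=[0-9.]+) [\t ] (DST=[0-9.]+) [\t ]
                            (.*TCP|UDP) [\t ]
                            (SPT=[0-9]+) [\t ] (DPT=[0-9]+) [\t ]
                            (SEQ=[0-9]+) [\t ] (ACK=[0-9]+)''', re.VERBOSE)

# Hypothetical variant: named groups, alternation limited to the protocol name.
LOG_PAT = re.compile(r'''
    SRC=(?P<src>[0-9.]+) [\t ]
    DST=(?P<dst>[0-9.]+) [\t ]
    .*?                              # LEN=, TOS=, TTL=, ... skipped lazily
    PROTO=(?P<proto>TCP|UDP) [\t ]   # '|' now only chooses the protocol
    SPT=(?P<spt>[0-9]+) [\t ]
    DPT=(?P<dpt>[0-9]+)
    (?: [\t ] SEQ=(?P<seq>[0-9]+)    # absent for UDP and when sequence
        [\t ] ACK=(?P<ack>[0-9]+) )? # logging is off, so optional
''', re.VERBOSE)


def parse(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_PAT.search(line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    for line in (SAMPLE_TCP, SAMPLE_UDP):
        print("thread pattern matched:", THREAD_PAT.search(line) is not None)
        print("named fields:", parse(line))
```

Log lines that silently fail to match drop out of any later counting or alerting, so it is worth testing a pattern against every protocol the LOG rule can emit.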