barakat-abweh / TA-pfsense

splunk addon for pfsense
Apache License 2.0

Regex issues in props.conf #1

Closed PierreEIRB closed 1 year ago

PierreEIRB commented 2 years ago

Hi there,

Seems there are little mistakes in some regex within the props.conf:

EXTRACT-ipv4_tcp = filterlog (?P<pid>\d+) - - (?P<rule>[^,])*,(?P<sub_rule>[^,]*),(?P<anchor>[^,]*),(?P<tracker_id>[^,]*),(?P<dest_int>[^,]*),(?P<reason>[^,]*),(?P<vendor_action>[^,]*),(?P<vendor_direction>[^,]*),(?P<ip_version>4),(?P<tos>[^,]*),(?P<ecn>[^,]*),(?P<ttl>[^,]*),(?P<id>[^,]*),(?P<offset>[^,]*),(?P<flags>[^,]*),(?P<transport_id>[^,]*),(?P<vendor_transport>tcp),(?P<bytes>[^,]*),(?P<src_ip>[^,]*),(?P<dest_ip>[^,]*),(?P<src_port>[^,]*),(?P<dest_port>[^,]*),(?P<payload_bytes>[^,]*),(?P<vendor_tcp_flags>[^,]*),(?P<sequence_number>[^,]*),(?P<ack>[^,]*),(?P<window>[^,]*),(?P<urg>[^,]*),(?P<options>[^$]*)$

should be ...

EXTRACT-ipv4_tcp = filterlog (?P<pid>\d+) - - (?P<rule>[^,]*),(?P<sub_rule>[^,]*),(?P<anchor>[^,]*),(?P<tracker_id>[^,]*),(?P<dest_int>[^,]*),(?P<reason>[^,]*),(?P<vendor_action>[^,]*),(?P<vendor_direction>[^,]*),(?P<ip_version>4),(?P<tos>[^,]*),(?P<ecn>[^,]*),(?P<ttl>[^,]*),(?P<id>[^,]*),(?P<offset>[^,]*),(?P<flags>[^,]*),(?P<transport_id>[^,]*),(?P<vendor_transport>tcp),(?P<bytes>[^,]*),(?P<src_ip>[^,]*),(?P<dest_ip>[^,]*),(?P<src_port>[^,]*),(?P<dest_port>[^,]*),(?P<payload_bytes>[^,]*),(?P<vendor_tcp_flags>[^,]*),(?P<sequence_number>[^,]*),(?P<ack>[^,]*),(?P<window>[^,]*),(?P<urg>[^,]*),(?P<options>[^$]*)$

Same issue for EXTRACT below:

EXTRACT-ipv4_icmp_request EXTRACT-ipv4_carp EXTRACT-ipv4_igmp EXTRACT-ipv4_pim EXTRACT-ipv4_gre

Attached is the updated file: props.conf.txt

Thanks for the work btw ;)

Cheers
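To make the bug concrete, here is an added example (not part of the issue or the add-on) that runs the broken and corrected `EXTRACT-ipv4_tcp` patterns over a constructed pfSense filterlog line. With the quantifier outside the group, `(?P<rule>[^,])*` repeats a one-character group, so the named capture keeps only the last character of the rule field; Python's `re` shows the same last-iteration behaviour as the PCRE engine Splunk uses. The sample line, host name and field values are invented.

```python
import re

# Constructed sample filterlog line (RFC 5424 framing, invented values); not from the issue.
SAMPLE_LINE = (
    "<134>1 2024-01-01T00:00:00Z fw.example.test filterlog 12345 - - "
    "100,,,1000000103,igb0,match,block,in,4,0x0,,64,54321,0,DF,6,tcp,60,"
    "198.51.100.10,203.0.113.5,51515,443,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale"
)

# The part of the pattern shared by both versions (identical to the issue's tail).
_TAIL = (
    r",(?P<sub_rule>[^,]*),(?P<anchor>[^,]*),(?P<tracker_id>[^,]*),(?P<dest_int>[^,]*),"
    r"(?P<reason>[^,]*),(?P<vendor_action>[^,]*),(?P<vendor_direction>[^,]*),(?P<ip_version>4),"
    r"(?P<tos>[^,]*),(?P<ecn>[^,]*),(?P<ttl>[^,]*),(?P<id>[^,]*),(?P<offset>[^,]*),(?P<flags>[^,]*),"
    r"(?P<transport_id>[^,]*),(?P<vendor_transport>tcp),(?P<bytes>[^,]*),(?P<src_ip>[^,]*),"
    r"(?P<dest_ip>[^,]*),(?P<src_port>[^,]*),(?P<dest_port>[^,]*),(?P<payload_bytes>[^,]*),"
    r"(?P<vendor_tcp_flags>[^,]*),(?P<sequence_number>[^,]*),(?P<ack>[^,]*),(?P<window>[^,]*),"
    r"(?P<urg>[^,]*),(?P<options>[^$]*)$"
)

# Broken: quantifier outside the group, so `rule` holds only the last character matched.
BROKEN_RE = re.compile(r"filterlog (?P<pid>\d+) - - (?P<rule>[^,])*" + _TAIL)
# Fixed: quantifier inside the group, so `rule` holds the whole field.
FIXED_RE = re.compile(r"filterlog (?P<pid>\d+) - - (?P<rule>[^,]*)" + _TAIL)


def extract(pattern, line):
    """Return the named captures as a dict, or None when the pattern does not match."""
    m = pattern.search(line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    for name, pat in (("broken", BROKEN_RE), ("fixed", FIXED_RE)):
        f = extract(pat, SAMPLE_LINE)
        print(f"{name}: rule={f['rule']!r} src_ip={f['src_ip']} dest_port={f['dest_port']}")
```

Run with a rule number of more than one digit; the broken pattern silently reports the wrong rule, which matters when searches or alerts are keyed on `rule`.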

barakat-abweh commented 2 years ago

Hi Bro, some of these issues exist from the original add-on and I'm still updating the regexes. BTW, thanks for your efforts; it will be considered during the next update.

PierreEIRB commented 2 years ago

No problem, happy to help ;)

Cheers,