Regex to match Bro IDS logs

332
hamid sha

How do I write a single regex to get CN, O, ST, C from the strings, if present?

Sample input:

{"ts":1537159826.804384,"uid":"CGvaSh4uPO39lxSdU2","id.orig_h":"192.168.8.32","id.orig_p":1287,"id.resp_h":"192.168.1.199","id.resp_p":13000,"version":"TLSv12","cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","resumed":false,"established":true,"cert_chain_fuids":["FjgtKQ1uIs3Qgvb6o1","F6iQCy1iLY2CIshua7"],"client_cert_chain_fuids":[],"subject":"CN=Kaspersky-Srv","issuer":"CN=Kaspersky-Srv","validation_status":"self signed certificate in certificate chain"} {"ts":1537159827.160892,"uid":"CZzMLE3PcfJtCnyied","id.orig_h":"192.168.1.242","id.orig_p":55805,"id.resp_h":"192.168.4.27","id.resp_p":443,"version":"TLSv10","cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","curve":"secp256r1","resumed":false,"established":true,"cert_chain_fuids":["F7MofV1dAQafCQAoS8","FdZJdr24uytt51AcGc"],"client_cert_chain_fuids":[],"subject":"emailAddress=vmca@vmware.com,CN=192.168.4.27,OU=VMware Engineering,O=VMware,L=Palo Alto,ST=California,C=US","issuer":"O=vcenter-Srv,C=US,DC=local,DC=vsphere,CN=CA","validation_status":"self signed certificate in certificate chain"} 
-2
JSON and regex are not good friends. Use a parser; it is simpler, faster and much more maintainable. Toto 5 years ago 0

1 answer to the question

0
simlev
perl -lane 'print "$1 $3 $5 $7" if /CN=([^",]*)(.*?O=([^",]*))?(.*?ST=([^",]*))?(.*?C=([^",]*))?/' input.json 

Output:

Kaspersky-Srv
192.168.4.27 VMware California US
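The parser-based approach suggested in the comment, as an added example that is not part of the original answer: it decodes each JSON line and reads only the `subject` field, so attributes of the `issuer` are never mistaken for subject attributes. The function names and the third sample record are constructed for illustration, and it assumes commas inside values are escaped as `\,`.

```python
import json

WANTED = ("CN", "O", "ST", "C")

# Constructed sample: the first two records are trimmed from the question's
# input, the third is made up to show an escaped comma and a subject without C.
SAMPLE = [
    r'{"uid":"CGvaSh4uPO39lxSdU2","subject":"CN=Kaspersky-Srv","issuer":"CN=Kaspersky-Srv"}',
    r'{"uid":"CZzMLE3PcfJtCnyied","subject":"emailAddress=vmca@vmware.com,CN=192.168.4.27,'
    r'OU=VMware Engineering,O=VMware,L=Palo Alto,ST=California,C=US",'
    r'"issuer":"O=vcenter-Srv,C=US,DC=local,DC=vsphere,CN=CA"}',
    r'{"uid":"CexampleConstructed","subject":"CN=host.example,O=Example\\, Inc.",'
    r'"issuer":"O=Other CA,C=US"}',
]


def split_dn(dn):
    """Split a DN string on unescaped commas and return (attribute, value) pairs."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:            # character after a backslash is taken literally
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = (p.partition("=") for p in parts)
    return [(key.strip(), value) for key, sep, value in pairs if sep]


def subject_fields(record, field="subject"):
    """Return CN, O, ST and C from one parsed record; None marks an absent attribute."""
    found = dict.fromkeys(WANTED)
    for key, value in split_dn(record.get(field, "")):
        if key in found and found[key] is None:
            found[key] = value
    return found


def extract(lines):
    """Parse JSON lines and extract the wanted subject attributes from each record."""
    return [subject_fields(json.loads(line)) for line in lines if line.strip()]


if __name__ == "__main__":
    for row in extract(SAMPLE):
        print(" ".join(row[k] or "-" for k in WANTED))
```

In the third record the subject has no `C`, so the result is `None` even though the issuer carries `C=US`; a pattern applied to the whole line would pick up the issuer's value there.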