Netgate Discussion Forum

    Regexp for havp widget question

    11 Posts 3 Posters 5.9k Views
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      With a few tweaks, this seems to match up on most things, but not all:

      $line = "07/08/2009 12:05:12 192.168.0.10 GET 200 http://www.eicar.org/download/eicar.com 413+68 VIRUS Clamd: Eicar-Test-Signature";
      $log_split = array();
      // Groups: 1 date, 2 time, 3 client IP, 4 full URL, 5-8 URL parts (7 is the optional port), 9 signature name.
      // The dots in the IP address are escaped so that they match only a literal ".".
      preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split);
      print_r($log_split);
      
      

      Results in:

      Array
      (
          [0] => 07/08/2009 12:05:12 192.168.0.10 GET 200 http://www.eicar.org/download/eicar.com 413+68 VIRUS Clamd: Eicar-Test-Signature
          [1] => 07/08/2009
          [2] => 12:05:12
          [3] => 192.168.0.10
          [4] => http://www.eicar.org/download/eicar.com
          [5] => eicar.
          [6] => org
          [7] => 
          [8] => /download/eicar.com
          [9] => Eicar-Test-Signature
      )
      
      

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Actually, it did match everything; there was no port on that URL, so the entry for the port was blank.

        • M
          matrix200
          last edited by

          That's fine.
          I was not gonna use it anyway.
          I will be using only:
          date and time (together), LAN IP, URL and virus name.
          All other fields are not going to be used.

          Current network "hardware" :
          Running 2.2RC in Virtualbox 4.2.16.

          Retired:
          ALIX2C2 , 4 gigabyte disk cf card running 2.0 (official release).

          • M
            matrix200
            last edited by

            Ok the widget works already :)
            There are some issues which I should check (I really don't understand yet the ajax stuff that you wrote regarding the lastsawtime).
            Unfortunately even with two columns the url still gets wrapped.
            I also need to write something similar to snort_alerts.php because right now it links to nowhere since there is no similar php file for havp.
            Still I am making progress :P

            What do you think about its looks?

            • M
              matrix200
              last edited by

              Hi jimp,
              I believe I resolved the ajax issues and the widget now updates properly.
              I think I am ready to release the code for general consumption.
              Please advise.

              • D
                dvserg
                last edited by

                I looked at your screenshot.
                Maybe more usable info as a table [date | viruses count].
                And hints for each date as a list [dateTime | virus | url_path]

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                • M
                  matrix200
                  last edited by

                  You mean like 5 last dates when there were viruses and amount of viruses for each date?
                  Regarding hints, I am not sure whether this is possible within the widget framework.
                  Jim-p, please respond to that :)

                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    @matrix200:

                    You mean like 5 last dates when there were viruses and amount of viruses for each date?
                    Regarding hints, I am not sure whether this is possible within the widget framework.
                    Jim-p, please respond to that :)

                    It should be possible to do a summary like that; it wouldn't even have to update with AJAX. Just add another table above what you have now and summarize the data a little. I can have a look when I test it out. I haven't had any time to try the code you sent to me yet. Hopefully I can do that tonight.

                    It might help to have a bigger sample of a HAVP log than what you posted. At least 10-20 lines with items from multiple dates.

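Added example, not part of the thread and not the code committed to the Dashboard package: it parses HAVP lines in the format of the sample above into the four fields matrix200 lists, builds the per-date count table dvserg suggests, and HTML-escapes every log-derived value, since the URLs in the log come from whatever sites clients requested. The function names and all sample lines except the first are assumptions made for this example.

```php
<?php
// Added example, not the widget's code. Lines 2-4 of $sample are constructed.
$sample = array(
    '07/08/2009 12:05:12 192.168.0.10 GET 200 http://www.eicar.org/download/eicar.com 413+68 VIRUS Clamd: Eicar-Test-Signature',
    '07/08/2009 12:09:40 192.168.0.11 GET 200 http://files.example.com:8080/a.zip 120+900 VIRUS Clamd: Constructed.Sample-1',
    '08/08/2009 09:15:02 192.168.0.10 GET 200 http://example.org/?a=1&b=<b>x</b> 88+17 VIRUS Clamd: Constructed.Sample-2',
    'this line is not a HAVP entry',
);

// Hypothetical helper: returns the four fields the widget shows, or null.
function havp_parse_line($line) {
    $re = '#^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+'
        . '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\w+\s+\d+\s+(?P<url>https?://\S+)\s+'
        . '[0-9+]+\s+\w+\s+\w+:\s+(?P<virus>\S+)$#';
    if (!preg_match($re, trim($line), $m)) {
        return null; // unparseable lines are skipped, never guessed at
    }
    // \d{1,3} still admits 999.1.1.1, so validate the address properly.
    if (filter_var($m['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return array('date' => $m['date'], 'when' => $m['date'] . ' ' . $m['time'],
                 'ip' => $m['ip'], 'url' => $m['url'], 'virus' => $m['virus']);
}

// Hypothetical helper: per-date detection counts plus the parsed rows.
function havp_summary(array $lines) {
    $counts = $rows = array();
    foreach ($lines as $line) {
        $e = havp_parse_line($line);
        if ($e === null) { continue; }
        $counts[$e['date']] = isset($counts[$e['date']]) ? $counts[$e['date']] + 1 : 1;
        $rows[] = $e;
    }
    return array($counts, $rows);
}

// Every log-derived value is escaped before it goes into dashboard HTML.
function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

list($counts, $rows) = havp_summary($sample);
foreach ($counts as $date => $n) {
    echo '<tr><td>' . h($date) . '</td><td>' . (int)$n . "</td></tr>\n";
}
foreach ($rows as $e) {
    echo '<tr><td>' . h($e['when']) . '</td><td>' . h($e['ip']) . '</td><td>'
        . h($e['virus']) . '</td><td>' . h($e['url']) . "</td></tr>\n";
}
```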
                    • M
                      matrix200
                      last edited by

                      Ok I will try to assemble some more virus data.
                      My regular browsing habits don't contain too many viruses so I have to search for viruses in order to fill the logs :)
                      In my case that summary would be pretty dull.

                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        I committed the havp widget into Dashboard v0.8.4, should be on the package server momentarily.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.