Computer Old Farts Forum
From: Grant Taylor via COFF <coff@tuhs.org>
To: coff@tuhs.org
Subject: [COFF] Re: Requesting thoughts on extended regular expressions in grep.
Date: Fri, 3 Mar 2023 12:36:35 -0700
Message-ID: <8648a720-62a6-1ed2-b0ba-2dcc38097da6@spamtrap.tnetconsulting.net>
In-Reply-To: <alpine.BSF.2.21.9999.2303040254050.4881@aneurin.horsfall.org>

On 3/3/23 9:12 AM, Dave Horsfall wrote:
> I can't help but provide an extract from my antispam log summariser 
> (AWK):
> 
>      # Yes, I have a warped sense of humour here.
>      /^[JFMAMJJASOND][aeapauuuecoc][nbrrynlgptvc] [ 0123][0-9] / \
>      {
> 	date = sprintf("%4d/%.2d/%.2d",
> 	    year, months[substr($0, 1, 3)], substr($0, 5, 2))

Thank you for sharing that Dave.

> Etc.  The idea is not to validate so much as to grab a line of interest 
> to me and extract the bits that I want.

Fair enough.

Using bracket expressions for the three letters is definitely another 
idea that I hadn't considered.

But I believe I like what I think is -- what I'm going to describe as -- 
the more precise alternation listing out each month. (Jan|Feb|Mar...

Such an alternation is not going to match Jer like the three bracket 
expressions will.  I also believe that the alternation will be easier to 
maintain in the future.  Especially by someone other than me that has 
less experience with REs.

> In this case I trust the source (the Sendmail log), but of course 
> that is not always the case...

I trust that syslog will produce consistent line beginnings more than I 
trust the data that is provided to syslog.  But I'd still like to be 
able to detect "Jer" or "Dot" if syslog ever tosses its cookies.

> When doing things like this, you need to ask yourself at least the 
> following questions:
> 
> 1) What exactly am I trying to do?  This is fairly important :-)

Filter out known to be okay log entries.

> 2) Can I trust the data?  Bobby Tables, Reflections on Trusting 
> Trust...

Given that I'm effectively negating things and filtering out log entries 
that I want to not see (because they are okay) I'm comfortable with 
trusting the data from syslog.

Brown M&Ms come to mind.

> 3) Etc.
> 
> And let's not get started on the difference betwixt "trusted" and 
> "trustworthy" (that distinction keeps security bods awake at night).

ACK



-- 
Grant. . . .
unix || die
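
The difference between the two patterns discussed in this message, as an added example that is not part of the original thread: a "filter out known-okay entries" pass anchored on the three bracket expressions silently hides lines stamped "Jer" or "Dot", while the same pass anchored on the month alternation leaves them visible. The log lines, the tightened day field in `STRICT`, and the `stat=Sent` known-okay pattern are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example; not code from the thread. All log lines are constructed.

# The three bracket expressions quoted above: any mix of the listed letters.
LOOSE='^[JFMAMJJASOND][aeapauuuecoc][nbrrynlgptvc] [ 0123][0-9] '
# Month alternation: only the twelve real abbreviations. The day field is
# also narrowed to 1-31 (an assumption added here, not from the thread).
STRICT='^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ([ 0][1-9]|[12][0-9]|3[01]) '

# Constructed sample: two sane lines, two with a corrupted timestamp prefix.
sample_log() {
cat <<'EOF'
Mar  3 12:36:35 mx1 sendmail[4881]: 323JaZ01: to=<coff@example.org>, stat=Sent
Mar  3 12:36:40 mx1 sendmail[4882]: 323JaZ02: ruleset=check_rcpt, reject=550
Jer  3 12:36:41 mx1 sendmail[4883]: 323JaZ03: to=<coff@example.org>, stat=Sent
Dot 39 12:36:42 mx1 sendmail[4884]: 323JaZ04: to=<coff@example.org>, stat=Sent
EOF
}

# Lines the bracket expressions accept but the alternation rejects.
loose_only() {
    sample_log | grep -E "$LOOSE" | grep -Ev "$STRICT"
}

# Drop known-okay entries; $1 is the timestamp prefix the filter anchors on.
# Whatever is printed is what a human still has to look at.
review() {
    sample_log |
        grep -Ev "${1}[0-9:]{8} [^ ]+ sendmail\[[0-9]+\]: .*stat=Sent\$"
}

echo "accepted only by the bracket expressions:"
loose_only
echo "left for review, filter anchored on bracket expressions:"
review "$LOOSE"
echo "left for review, filter anchored on month alternation:"
review "$STRICT"
```
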

