Beefy Boxes and Bandwidth Generously Provided by pair Networks RobOMonk
Don't ask to ask, just ask
 
PerlMonks  

Re^3: Inserting domain name into Snort rule

by aaron_baugher (Deacon)
on Oct 05, 2012 at 16:01 UTC ( #997503=note: print w/ replies, xml ) Need Help??


in reply to Re^2: Inserting domain name into Snort rule
in thread Inserting domain name into Snort rule

That's because my code uses shift to get the first argument to the subroutine. If you take it out of the subroutine, you'll need to replace that shift with the variable that contains the value you want to split.

Aaron B.
Available for small or large Perl jobs; see my home node.


Comment on Re^3: Inserting domain name into Snort rule
Re^4: Inserting domain name into Snort rule
by miniperl (Initiate) on Oct 05, 2012 at 16:40 UTC

    First of all; thank you very much for your help. I did what you said and its very close but doing some weird stuff.

    Here's what I have:
    #!/usr/bin/perl

    $work = "/var/tmp/work";
    $input = "$work/domainlist.csv";

    open (IN,"$input");
    open (OUT,">domainlist.rules");
    while (<IN>) {
      chomp();
      $domain = $_;

        $dns = join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\./, $domain ), '00', '';
          print "$dns\n";
    }

    What I get is something like this:


    |00|foobar|09|foodomain|04|com

    |00|www|06|foobar|12|foobardomain|03|cc


    If puts the zeros on the front instead of the end and doesn't give a count

    then it counts the next sections correctly

    then it always adds an extra count for the last part, maybe its counting a space or something

      The code as you've quoted it works fine when I give it a hardcoded domain:

      $domain = 'foobar.foodomain.com'; $dns = join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\. +/, $domain ), '00', ''; print "$dns\n"; # prints: |06|foobar|09|foodomain|03|com|00|

      So I'd say you need to look at your input.

      Aaron B.
      Available for small or large Perl jobs; see my home node.

        You are absolutely correct. The input file was originally an windows csv, so a little dos2unix cleaned it up and it works like a champ now.

        Thanks again.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://997503]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (16)
As of 2014-04-17 16:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (453 votes), past polls