
Re^4: Inserting domain name into Snort rule

by miniperl (Initiate)
on Oct 05, 2012 at 16:40 UTC


in reply to Re^3: Inserting domain name into Snort rule
in thread Inserting domain name into Snort rule

First of all, thank you very much for your help. I did what you said and it's very close but doing some weird stuff.

Here's what I have:
#!/usr/bin/perl

$work = "/var/tmp/work";
$input = "$work/domainlist.csv";

open (IN,"$input");
open (OUT,">domainlist.rules");
while (<IN>) {
  chomp();
  $domain = $_;

  $dns = join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\./, $domain ), '00', '';
  print "$dns\n";
}

What I get is something like this:


|00|foobar|09|foodomain|04|com

|00|www|06|foobar|12|foobardomain|03|cc


It puts the zeros on the front instead of the end and doesn't give a count

then it counts the next sections correctly

then it always adds an extra count for the last part, maybe it's counting a space or something

Re^5: Inserting domain name into Snort rule
by aaron_baugher (Curate) on Oct 06, 2012 at 08:22 UTC

    The code as you've quoted it works fine when I give it a hardcoded domain:

    $domain = 'foobar.foodomain.com';
    $dns = join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\./, $domain ), '00', '';
    print "$dns\n";
    # prints: |06|foobar|09|foodomain|03|com|00|

    So I'd say you need to look at your input.

    Aaron B.
    Available for small or large Perl jobs; see my home node.

      You are absolutely correct. The input file was originally a Windows CSV, so a little dos2unix cleaned it up and it works like a champ now.

      Thanks again.
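Why the CRLF input produced the output in the first post, as an added example (not code from the thread): chomp removes only "\n", so the last label keeps a "\r" (length 4 for "com\r"), and when printed the carriage return makes the trailing |00| overwrite the leading |06|. The sample lines are constructed and dns_content is a hypothetical helper; it writes lengths with %02X because Snort reads bytes between pipes as hexadecimal, which differs from the thread's %02d only for labels of 10 or more characters.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Encode a domain as a Snort content pattern in DNS wire form:
# each label is preceded by its length byte, and a zero byte ends the name.
sub dns_content {
    my ($domain) = @_;
    $domain =~ s/^\s+|\s+$//g;        # drops the "\r" that chomp leaves on CRLF input
    $domain =~ s/\.$//;               # tolerate a trailing root dot
    return unless length $domain;
    my @labels = split /\./, $domain;
    for my $label (@labels) {
        # DNS labels are 1..63 bytes; skip anything else rather than emit a bad rule
        return unless $label =~ /\A[A-Za-z0-9_-]{1,63}\z/;
    }
    # Bytes between pipes are read by Snort as hex, hence %02X rather than %02d
    return join '', ( map { sprintf('|%02X|%s', length $_, $_) } @labels ), '|00|';
}

# Constructed sample input: a clean line, a CRLF line, a 12-character label, junk
my @lines = ( "foobar.foodomain.com\n", "foobar.foodomain.com\r\n",
              "www.foobar.foobardomain.cc\r\n", "bad domain!.com\n", "\r\n" );

for my $line (@lines) {
    chomp $line;                      # removes "\n" only; any "\r" is still there
    my $raw_last = ( split /\./, $line )[-1] // '';
    my $pattern  = dns_content($line);
    (my $shown = $line) =~ s/\r/\\r/g;   # make the carriage return visible
    if ( defined $pattern ) {
        printf "%-32s last label length after chomp: %d  ->  %s\n",
            $shown, length $raw_last, $pattern;
    } else {
        print "$shown  ->  skipped (not a valid domain)\n";
    }
}
```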
