Re: Inserting domain name into Snort rule

by aaron_baugher (Curate)
on Oct 04, 2012 at 18:16 UTC


in reply to Inserting domain name into Snort rule

Here's one way to get the text string you want, then you just have to plug it in where you need it.

#!/usr/bin/env perl
use Modern::Perl;

sub fix {
    return join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\./, shift ), '00', '';
}

say fix 'foo.com';
say fix 'foo.foobar.com';
say fix 'foo.foobar.foo.com';

Aaron B.
Available for small or large Perl jobs; see my home node.

Re^2: Inserting domain name into Snort rule
by miniperl (Initiate) on Oct 05, 2012 at 14:01 UTC

    I'm probably doing something wrong, but I pulled out the join statement and plugged it into a while loop to read the CSV file, and all I get are a bunch of |00|.


    #!/usr/bin/perl

    $work = "/var/tmp/work";
    $input = "$work/domainlist.csv";

    open (IN,"$input");
    open (OUT,">domainlist.rules");
    while (<IN>) {
      chomp();
      $domain = $_;

        print join '|', '', ( map { sprintf('%02d',length $domain), $domain } split /\./, shift ), '00', '';

    }

      That's because my code uses shift to get the first argument to the subroutine. If you take it out of the subroutine, you'll need to replace that shift with the variable that contains the value you want to split.

      Aaron B.
      Available for small or large Perl jobs; see my home node.

        First of all, thank you very much for your help. I did what you said and it's very close but doing some weird stuff.

        Here's what I have:
        #!/usr/bin/perl

        $work = "/var/tmp/work";
        $input = "$work/domainlist.csv";

        open (IN,"$input");
        open (OUT,">domainlist.rules");
        while (<IN>) {
          chomp();
          $domain = $_;

            $dns = join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\./, $domain ), '00', '';
              print "$dns\n";
        }

        What I get is something like this:


        |00|foobar|09|foodomain|04|com

        |00|www|06|foobar|12|foobardomain|03|cc


        It puts the zeros on the front instead of the end and doesn't give a count

        then it counts the next sections correctly

        then it always adds an extra count for the last part, maybe it's counting a space or something
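
Added example, not part of the thread and not either poster's code: a version of the conversion that trims trailing whitespace, including a carriage return, before splitting, writes each length as two hex digits because Snort reads the bytes between pipes as hexadecimal, and rejects anything that is not a valid DNS label so no rule metacharacters reach the content string. It assumes the CSV may have CRLF line endings, which would leave "\r" on each line after chomp; the name dns_content and the sample lines are constructed for illustration.

```perl
#!/usr/bin/env perl
# Added example (not code from the thread): convert domain names to the
# length-prefixed DNS label form used in a Snort content match.
use strict;
use warnings;

# Encode one domain as |len|label|len|label|00|, lengths as two hex digits.
# Returns undef for input that is not a valid sequence of DNS labels.
sub dns_content {
    my ($domain) = @_;
    $domain =~ s/^\s+|\s+$//g;    # also drops "\r" left by chomp on CRLF files
    $domain =~ s/\.$//;           # tolerate a trailing root dot
    my @labels = split /\./, $domain, -1;
    return unless @labels;
    for my $label (@labels) {
        # DNS labels are 1..63 bytes; this also rejects "foo..com"
        return if length($label) < 1 || length($label) > 63;
        # Letters, digits, hyphen, underscore only: keeps '|', '"', ';'
        # and '\' (all special in Snort content) out of the rule text.
        return unless $label =~ /\A[A-Za-z0-9_-]+\z/;
    }
    return join '', ( map { sprintf( '|%02x|%s', length($_), $_ ) } @labels ), '|00|';
}

# Constructed sample input: the second line has a CRLF ending, the third
# has a 12-character label (hex 0c), the fourth is malformed.
my @lines = (
    "foo.com\n",
    "foobar.foodomain.com\r\n",
    "www.foobar.foobardomain.cc\n",
    "bad..name\n",
);

for my $line (@lines) {
    chomp $line;
    my $content = dns_content($line);
    if ( defined $content ) {
        print "$content\n";
    }
    else {
        $line =~ s/[^\x20-\x7e]/?/g;    # keep control bytes out of the terminal
        warn "skipped invalid domain: $line\n";
    }
}
```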
