Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re^4: Inserting domain name into Snort rule

by miniperl (Initiate)
on Oct 05, 2012 at 16:40 UTC ( #997515=note: print w/replies, xml ) Need Help??

in reply to Re^3: Inserting domain name into Snort rule
in thread Inserting domain name into Snort rule

First of all; thank you very much for your help. I did what you said and its very close but doing some weird stuff.

Here's what I have:

$work = "/var/tmp/work";
$input = "$work/domainlist.csv";

open (IN,"$input");
open (OUT,">domainlist.rules");
while (<IN>) {
  $domain = $_;

    $dns = join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\./, $domain ), '00', '';
      print "$dns\n";

What I get is something like this:



If puts the zeros on the front instead of the end and doesn't give a count

then it counts the next sections correctly

then it always adds an extra count for the last part, maybe its counting a space or something

Replies are listed 'Best First'.
Re^5: Inserting domain name into Snort rule
by aaron_baugher (Curate) on Oct 06, 2012 at 08:22 UTC

    The code as you've quoted it works fine when I give it a hardcoded domain:

    $domain = ''; $dns = join '|', '', ( map { sprintf('%02d',length $_), $_ } split /\. +/, $domain ), '00', ''; print "$dns\n"; # prints: |06|foobar|09|foodomain|03|com|00|

    So I'd say you need to look at your input.

    Aaron B.
    Available for small or large Perl jobs; see my home node.

      You are absolutely correct. The input file was originally an windows csv, so a little dos2unix cleaned it up and it works like a champ now.

      Thanks again.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://997515]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (11)
As of 2018-06-20 09:55 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (116 votes). Check out past polls.