Log file extract data and append back same line
I have a snort.rule file. I need to extract the CVE numbers from the line and append them back to the msg field of the same line, inside flower brackets. Below is the old log.
alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response vulnerable UPnP device 1"; content:"miniupnpd/1."; fast_pattern:only; pcre:"/^Serverx3a[^rn]*miniupnpd/1.[0-3]/mi"; reference:url/29/security -dont-play; reference: arch/Architecture-v1.1.pdf; reference:cve,2013-0229;sid:2016302; rev:5;)
alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response vulnerable UPnP device 2"; content:"Intel SDK for UPnP devices"; pcre:"/^Serverx3a[^rn]*Intel SDK for UPnP devices/mi"; reference: /infosec/blog/2013/01/29; reference:arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2012-5958; reference:cve,2012-5959;sid:2016303; rev:4;)
Required output:
alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response vulnerable UPnP device 1 {cve,2013-0229}"; content:"miniupnpd/1."; fast_pattern:only; pcre:"/^Serverx3a[^rn]*miniupnpd/1.[0-3]/mi"; reference:url/29/security -dont-play; reference: arch/Architecture-v1.1.pdf; reference:cve,2013-0229;sid:2016302; rev:5;)
alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response vulnerable UPnP device 2 {cve,2012-5958 cve,2012-5959}"; content:"Intel SDK for UPnP devices"; pcre:"/^Serverx3a[^rn]*Intel SDK for UPnP devices/mi"; reference: /infosec/blog/2013/01/29; reference: arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2012-5958; reference:cve,2012-5959;sid:2016303; rev:4;)
I am able to extract the CVE numbers, but I am not able to append them back.
cat /tmp/snort.rule | grep -o -E -e 'sid:[^;]+' -e 'reference:cve,[^;]+'
asked 4 mins ago
chandru
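One way to do the transformation asked for above with portable awk, as an added example that is not part of the original post. The function names `add_cve_to_msg` and `sample_rules`, the shortened rules, and `sid:1000001` are constructed for illustration; rules without a CVE reference pass through unchanged, and a second run does not add the tag twice.

```shell
#!/bin/sh
# Constructed sample input: shortened versions of the two rules in the question,
# plus one rule without a CVE reference (sid:1000001 is a made-up local sid).
sample_rules() {
    cat <<'EOF'
alert udp $HOME_NET 1900 -> any any (msg:"UPnP device 1"; content:"miniupnpd/1."; reference:cve,2013-0229; sid:2016302; rev:5;)
alert udp $HOME_NET 1900 -> any any (msg:"UPnP device 2"; content:"Intel SDK for UPnP devices"; reference:cve,2012-5958; reference:cve,2012-5959; sid:2016303; rev:4;)
alert udp $HOME_NET 1900 -> any any (msg:"UPnP device 3"; content:"example"; sid:1000001; rev:1;)
EOF
}

# Read rules on stdin, write them to stdout with " {cve,... cve,...}"
# appended inside the msg string of every rule that has CVE references.
add_cve_to_msg() {
    awk '{
        line = $0; rest = $0; cves = ""
        # Collect every reference:cve,<id> option, in order of appearance.
        while (match(rest, /reference: *cve,[^; ]+/)) {
            ref = substr(rest, RSTART, RLENGTH)
            sub(/^reference: */, "", ref)          # keep only "cve,<id>"
            cves = (cves == "" ? ref : cves " " ref)
            rest = substr(rest, RSTART + RLENGTH)  # continue after this match
        }
        # Find msg:"..."; the pattern steps over backslash-escaped characters
        # so an escaped quote inside the message does not end the match early.
        if (cves != "" && match(line, /msg: *"([^"\\]|\\.)*"/)) {
            tag = " {" cves "}"
            msg = substr(line, RSTART, RLENGTH)
            if (index(msg, tag "\"") == 0) {       # not tagged yet
                close_q = RSTART + RLENGTH - 1     # position of the closing quote
                line = substr(line, 1, close_q - 1) tag substr(line, close_q)
            }
        }
        print line
    }'
}

# Demo on the constructed sample.
sample_rules | add_cve_to_msg
```

To apply it to a real file, write the output to a new file and diff it against the original before replacing it.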