elcentro3m, Board Regular (Joined: Jan 26, 2007; Messages: 60)
Here's the information from two rows providing examples of the strings I'm working with:
"Tue, 2010-02-23 01:22:18 - TCP packet - Source: 192.168.1.163 - Destination: 74.125.164.97 - [Attempt to access URl: safebrowsing-cache.google.com
Src 2481 Dst 80 from LAN]
Tue, 2010-02-23 01:22:31 - TCP packet - Source: 38.107.160.138 - Destination"
"Tue, 2010-02-23 00:23:26 - UDP packet - Source: 128.208.34.91 - Destination: 64.65.186.174 - [Access Policy not found, dropping packet Src 137 Dst 137 from WAN]
From these examples I'm looking to pull:
Date-Time (Example):
Tue, 2010-02-23 01:22:18
Source IP (Example):
192.168.1.163
Destination IP (Example):
64.65.186.174
and
Url accessed (Example):
safebrowsing-cache.google.com
The Source IP is most likely to be either 9 or 10 digits depending on whether the last set of digits is three or two, but the second Source IP (38.107.160.138) throws a wrench into any consistency of length as well as consisting of dual Sources - TCP / UDP.
Now Destination IP could be up to 12 digits (so I can't just search and extract based on the example).
The URL accessed could be extension: net, com, org, biz, edu, etc or it could be:
[Access Policy not found, dropping packet...
If it is the latter, I don't need to see it, some kind of conditional would work excluding said info.
If this had a simple answer, that I could figure out, I wouldn't be asking. I know I can use FIND, MID, LEFT and RIGHT to extract information, but, the URL accessed would be a variable length string as could either Source or Destination IPs, and the URL accessed could also be irrelevant information as shown above in which case, conditionally, it could be excluded.
It doesn't look to have a simple straightforward solution, but, then, I don't know nearly as much as many of you here. Any ideas, possible solutions?
Thanx
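
An added example, not part of the original post: the same extraction done outside the worksheet with a Python parser (a swap for the FIND/MID approach mentioned above) that anchors on the field labels instead of fixed lengths, validates the addresses, and returns no URL for "Access Policy not found" entries. The names ENTRY, URL_RE, parse_cell and SAMPLE_CELLS are illustrative.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Anchor on the field labels, not on lengths. [^\]]* also matches the line
# break that can fall inside the bracketed message.
ENTRY = re.compile(
    r"[A-Z][a-z]{2}, (?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
    r" - (?P<proto>TCP|UDP) packet"
    r" - Source: (?P<src>[\d.]+)"
    r" - Destination: (?P<dst>[\d.]+)"
    r" - \[(?P<msg>[^\]]*)\]"
)
URL_RE = re.compile(r"Attempt to access URL:\s*(?P<host>\S+)", re.IGNORECASE)

# The two cells quoted in the post (the first ends in a cut-off entry).
SAMPLE_CELLS = [
    "Tue, 2010-02-23 01:22:18 - TCP packet - Source: 192.168.1.163"
    " - Destination: 74.125.164.97 - [Attempt to access URl:"
    " safebrowsing-cache.google.com\nSrc 2481 Dst 80 from LAN]\n"
    "Tue, 2010-02-23 01:22:31 - TCP packet - Source: 38.107.160.138"
    " - Destination",
    "Tue, 2010-02-23 00:23:26 - UDP packet - Source: 128.208.34.91"
    " - Destination: 64.65.186.174 - [Access Policy not found, dropping"
    " packet Src 137 Dst 137 from WAN]",
]


def parse_cell(cell):
    """Return one dict per complete entry; cut-off entries do not match."""
    rows = []
    for m in ENTRY.finditer(cell):
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
            when = datetime.strptime(m["when"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # e.g. 999.1.1.1 or month 13: skip rather than trust it
        url = URL_RE.search(m["msg"])
        rows.append({
            "when": when, "proto": m["proto"], "src": str(src), "dst": str(dst),
            "url": url["host"] if url else None,  # None for policy drops
        })
    return rows


if __name__ == "__main__":
    for cell in SAMPLE_CELLS:
        for row in parse_cell(cell):
            print(row)
```

The cut-off second entry in the first cell is dropped because it has no destination or bracketed message; count such fragments separately if missing entries matter for the review.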