Forum Discussion
hooleylist
Aug 22, 2007Cirrostratus
Your original version works for me. Here is a quick method to test. If you change ::ip_address to an invalid IP, no match is found. If it is valid, a match is logged.
If the display of this regex is broken, you should be able to see it correctly by clicking reply and looking at the post.
when RULE_INIT {
set ::match {}
set ::ip_address "256.2.3.4"
set ::ip_address_regex {\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b}
regexp $::ip_address_regex $::ip_address ::match
log local0. "\$::ip_address: $::ip_address; matched: $::match"
}
Aaron