Question

vbscript to parse information

Asked by: brian_appliedcpu

Question 1...Is there any way to parse the following message so that I end up with two variables?
It cannot be parsed by the position of the characters as sometimes the messages are slightly different.

I need the src outside / src_addr
and the dst inside / dst_addr
passed out as
Fields.VarCustom01
Fields.VarCustom02
to be passed into another script.


:%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group "outside_access_in"

:%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 12.45.90.231, src_addr= 11.2.136.15, prot= tcp


Fields.VarCustom02=123.13.12.123

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-05-21 at 18:19:45ID20998320
Tags

variables

Topic

Miscellaneous Programming

Participating Experts
3
Points
500
Comments
29

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. par file
    Waht is a file with .par used for and what does this extension mean? Can I list the parameters for import in a .par file and use this file in imp, like imp file=filename.par Please suggest.
  2. par io err laserjet 4 plus
    Every time I start my computer my old laserjet 4 plus comes up with an error message on the control panel "err par io" the work around is to cycle power on the printer after the computer is loaded. This problem started when I got a new computer. I have tried chan...
  3. PAR Protocol
    How has the PAR Protocol been extended for use in the Internet?
  4. Converting from PERL to Executable using PAR
    I have a PERL script that begins with the following: use Win32::OLE qw(in with); use Win32::OLE::Const 'Microsoft Excel'; When I convert my PERL script to an executable using pp -o file.exe file.pl, there is no problem. But, when I run file.exe I receive the following pop-...
  5. What does the /par in a .bat file mean?
    I am learning to do batch files, and came across this /par in my .bat file. I dont know really how it got there, as I was just manually creating the batch. I did just install easy batch creator, but I didnt use that prog. Anyway here is the code that I have in my batch, but ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: mccainz2Posted on 2004-05-21 at 18:45:27ID: 11131369

well if there are textual elements you can count on then you can detect those elements and parse based on them

   Dim s1 As String
    Dim s2 As String
    Dim dstStart As Integer
    Dim dstEnd As Integer
   
    s1 = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group"
    dstStart = InStr(1, s1, "outside:") + Len("outside:")
    dstEnd = InStr(1, s1, "dst")
    srcout = Mid(s1, dstStart, dstEnd - dstStart)

 

by: brian_appliedcpuPosted on 2004-05-21 at 19:05:53ID: 11131425

I am a real newbie....
would you be willing to elaborate and explain?

 

by: mccainz2Posted on 2004-05-21 at 19:20:01ID: 11131456

the instr function will return the location of the first character of the search text in the specified string....
Len simply returns the length of a text string
Mid is used to parse out the final element once youve located it in the master string...

so , dstStart will hold the location of the 1st character in your ip of interest IF you can count on the IP always being prepended by "outside:"
dstEnd will hold the location of the last character in your IP of interest IF you can count on dst always falling immediately after the src IP and dst not occuring in the string before the  dst of interest.

 

by: brian_appliedcpuPosted on 2004-05-21 at 20:49:49ID: 11131799

OK for the most part it works, but unfortunately the messages are not identical...
one type is :
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 124.13.90.231, src_addr= 22.26.136.15, prot= tcp
the other is:
%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group

Is there a way to do an if then to look at both?
Do I need to declare all of the items below in the Dim's?
When I parse the first message for the src_addr with an end of , prot= as dstEnd = InStr(1, s1, "\, prot=")
if fails....is a comma not allowed?


Dim M
Dim s1
Dim s2
Dim dstStart
Dim dstEnd
Dim srcout

' Copy message to local variable for speed
M = Fields.VarCleanMessageText

' If message length is too short, exit function
If Len(M) < 15 then exit function
M = ""
dstStart = ""
dstEnd = ""
s1 = ""
srcout = ""
Fields.VarCustom01 = ""
s1 = M
'    dstStart = InStr(1, s1, "outside:") + Len("outside:")
'    dstEnd = InStr(1, s1, "/")
'    srcout = Mid(s1, dstStart, dstEnd - dstStart)

   dstStart = InStr(1, s1, "src_addr=") + Len("src_addr=")
    dstEnd = InStr(1, s1, "\, prot=")
    srcout = Mid(s1, dstStart, dstEnd - dstStart)



Fields.VarCustom01 = srcout

 

by: brettdjPosted on 2004-05-22 at 01:04:20ID: 11132277

Hi brian_appliedcpu

VbScript has access to the parsing object, RegExp. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/vtoriVBScript.asp

The following code extracts two src outside codes that match the ppatern of "src outside" 3 digits dot 2 digits dot two diguts dot. 3 digits.

123.13.12.123
143.13.12.123 (i made this up for testing)

If you provide an example of your dst_addr I will pass that too.


Sub GetT()
    Dim RegX, RegI, M, s
    Dim C As String
    C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group ""outside_access_in""" & _
        ":%PIX-4-402106: src outside:143.13.12.123 Rec'd packet not an IPSEC packet. (ip) dest_addr= 12.45.90.231, src_addr= 11.2.136.15, prot= tcp"
    Set RegX = CreateObject("vbscript.regexp")
    RegX.Global = True
    RegX.MultiLine = True
    RegX.Pattern = "src\s{1}outside:(\d{3}\.\d{2}.\d{2}\.\d{3})"
    Set RegI = RegX.Execute(C)
    For Each M In RegI
        Set subm = M.submatches
        For Each s In subm
            Debug.Print s
        Next
    Next
End Sub

 

by: brian_appliedcpuPosted on 2004-05-22 at 04:24:47ID: 11132595

Unfortunately the addresses can be 1 to 3 digits in each filed (octet).
24.24.90.123
11.2.136.15
123.198.1.1

 

by: brettdjPosted on 2004-05-22 at 04:47:03ID: 11132648

no problem

change
RegX.Pattern = "src\s{1}outside:(\d{3}\.\d{2}.\d{2}\.\d{3})"
to
RegX.Pattern  ="src\s{1}outside:(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"

Cheers

Dave

 

by: InsOMniaCCodERPosted on 2004-05-22 at 14:19:52ID: 11135113

in your code, change
dstEnd = InStr(1, s1, "/")
to
dstEnd = InStr(dstStart, s1, "/")

 

by: brian_appliedcpuPosted on 2004-05-22 at 15:09:13ID: 11135346

I will actually be only evaluating one string but the string changes, sometimes it looks like:
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 124.13.90.231, src_addr= 22.26.136.15, prot= tcp
and somtimes it looks like:
%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group

In your script listed below are you looking for multiple matches?  I will only be passing one of the above stings to the script as a variable M = Fields.VarCleanMessageText and wanting to stip out the src_addr= or src outsdide: depending on how it is passed to the script.

Sub GetT()
    Dim RegX, RegI, M, s
    Dim C As String
    C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group ""outside_access_in""" & _
        ":%PIX-4-402106: src outside:143.13.12.123 Rec'd packet not an IPSEC packet. (ip) dest_addr= 12.45.90.231, src_addr= 11.2.136.15, prot= tcp"
    Set RegX = CreateObject("vbscript.regexp")
    RegX.Global = True
    RegX.MultiLine = True
    RegX.Pattern = "src\s{1}outside:(\d{3}\.\d{2}.\d{2}\.\d{3})"
    Set RegI = RegX.Execute(C)
    For Each M In RegI
        Set subm = M.submatches
        For Each s In subm
            Debug.Print s
        Next
    Next
End Sub


 

by: brettdjPosted on 2004-05-22 at 16:47:04ID: 11135656

The code below does pick up any match for either src_addr= or src outside. In the case below it picks up both as I've put both examples in the string

If there is only one occurence in a string it will pick up only that one

Sub GetT()
    Dim RegX, RegI, M, s
    Dim C As String
    C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group ""outside_access_in""" & _
        ":%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 12.45.90.231, src_addr= 11.2.136.15, prot= tcp"
    Set RegX = CreateObject("vbscript.regexp")
    RegX.Global = True
    RegX.MultiLine = True
    RegX.Pattern = "(?:src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    For Each M In RegI
        Set subm = M.submatches
        For Each s In subm
            Debug.Print s
        Next
    Next
End Sub

Cheers

Dave

 

by: brian_appliedcpuPosted on 2004-05-22 at 18:21:43ID: 11135865

OK what am I missing?
what is the variable name that is supposed to be parsed out?

 

by: brettdjPosted on 2004-05-22 at 20:12:39ID: 11136139

the submatchs contains your info, in the case above it is returned by s

I've altered the code below so that is only finds the first match, either  "src outside: number" or "src_addr= number " and then puts it either to VarCustom01 ot VarCustom02

Sub GetT()
    Dim RegX, RegI, VarCustom01, VarCustom02
    Dim C As String
    C = ":%P1.2.136.15, prot= tcp"
    Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit Sub
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "src outside:" Then
        VarCustom01 = subm(1)
        MsgBox "VarCustom01 is " & VarCustom01
    Else
        VarCustom02 = subm(1)
        MsgBox "VarCustom02 is " & VarCustom02
    End If
End Sub

 

by: brettdjPosted on 2004-05-22 at 20:13:36ID: 11136142

aplogies, wrong test string above

Sub GetT()
    Dim RegX, RegI, VarCustom01, VarCustom02
    Dim C As String
  C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group ""outside_access_in""" & _
        ":%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 12.45.90.231, src_addr= 11.2.136.15, prot= tcp"

    Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit Sub
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "src outside:" Then
        VarCustom01 = subm(1)
        MsgBox "VarCustom01 is " & VarCustom01
    Else
        VarCustom02 = subm(1)
        MsgBox "VarCustom02 is " & VarCustom02
    End If
End Sub

 

by: brian_appliedcpuPosted on 2004-05-23 at 16:29:32ID: 11139441

I have adjusted this to remove the sub as I don't think I need the sub since it is the entire script, I also changed the exit to exit function.  
I moved the Dims up to the top of the script
I also removed the "as String" as I am actually passing the message to the script as M.
I removed the  MsgBox "VarCustomXX as there is no way for me to see the box..
I tested my previous main script with the one that mmcain had offered so i know that i am actually passing info, but something is just not right here.  

Can you please look at it and see where I screwed up?


Function Main()
Dim M
Dim RegX
Dim RegI
Dim C

M = Fields.VarCleanMessageText
C = M


' If message length is too short, exit function
If Len(M) < 15 then exit function


' Sub GetT()

    Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit function
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "src outside:" Then
        Fields.VarCustom01 = subm(1)
'        MsgBox "VarCustom01 is " & VarCustom01
    Else
        Fields.VarCustom02 = subm(1)
'        MsgBox "VarCustom02 is " & VarCustom02
    End If
' End Sub

Fields.VarCustom03 = Fields.VarCleanMessageText
End function

 

by: brettdjPosted on 2004-05-23 at 17:50:12ID: 11139667

Hi Brian,

I actually tested this in Excel.

What string is being passed to C?
Is anything being extracted by subm(1) or subm(2)?

Cheers

Dave





 

by: brian_appliedcpuPosted on 2004-05-23 at 18:08:01ID: 11139736

The below:

:%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group outside_access_in

How do you test this in excel?

 

by: brettdjPosted on 2004-05-23 at 18:27:12ID: 11139796

this code gave me "123.13.12.123"

start Excel

- hold down Alt & F11 to go to the Visual basic Editor (VBE)
- Insert Module
- paste the code below
- hit F5 to Run (or Run via menu). Alternatively you can step through the code using F8.

Sub GetT()
Dim RegX, RegI, VarCustom01, VarCustom02
Dim C          As String
    C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group outside_access_in"
    Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit Sub
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "src outside:" Then
        VarCustom01 = subm(1)
        MsgBox "VarCustom01 is " & VarCustom01
    Else
        VarCustom02 = subm(1)
        MsgBox "VarCustom02 is " & VarCustom02
    End If
End Sub

 

by: brian_appliedcpuPosted on 2004-05-23 at 20:20:15ID: 11140188

Your right it works fine in excel...but not in my app...
I am running it in Kiwi Syslog server as an Action.
It supports the VBScripting Language
Currently two scripting languages are supported:

VBScript - A variation of Visual Basic or VBA (Visual Basic for Applications) used in MS Word and Excel. This language is easy to learn and has a rich feature set.

JScript - A variation of Java Script used in web pages. If you are familiar with Java Script then this may be your language of choice.

It does not seem to like the sub though.
it wants it all between...

Example:
***************************************
Function Main()

' Your code goes here


' Set the return value to OK

Main = "OK"
End Function
*****************************************
So my code looks like this...

Function Main()

' By default, skip to the next rule, don't take the actions that follow
' If we exit the function before we get to the end, the default 'skip to next rule'
' will be used.
Fields.ActionQuit = 100

' This script will parse a Cisco Firewall syslog file and pass the source IP and hostname
' to custom variables. These values can then be passed to other actions.

'
' Ensure that the Fields read/write permissions are set as below...
'
'                Read | Write
' Common fields    X  |
' Other fields        |
' Custom fields       |  X
'
'


' We want to find the source IP address and pass it to custom variables



'Sub GetT()
Dim RegX, RegI, VarCustom01, VarCustom02, C
'Dim C
'    C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group outside_access_in"
 C = Fields.VarCleanMessageText  
    Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then End Function
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "src outside:" Then
        Fields.VarCustom01 = subm(1)
'        MsgBox "VarCustom01 is " & VarCustom01
    Else
        Fields.VarCustom02 = subm(1)
'        MsgBox "VarCustom02 is " & VarCustom02
    End If
'End Sub





' Since we have a valid match, we want to execute the send e-mail action which follows.
' Setting ActionQuit to 0 means we won't skip any actions.
Fields.ActionQuit = 0
 
End function

 
' Set the return value to OK
Main = "OK"
End Function

 

by: brian_appliedcpuPosted on 2004-05-24 at 07:24:29ID: 11143277

Ok....
I seem to have the sub/main issue semi out of the way...but it appears that my sub is not returning the values...can you take a look at this?


Sub GetT(M)
Dim RegX, RegI, src_addr01, src_addr02
Dim C
C = M
' Dim C As String
 '   C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group outside_access_in"
    Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit Sub
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "src outside:" Then
        src_addr01 = subm(1)
'        MsgBox "VarCustom01 is " & src_addr01
    Else
        src_addr02 = subm(1)
'       MsgBox "VarCustom02 is " & src_addr02
    End If

End Sub


Function Main()


' By default, skip to the next rule, don't take the actions that follow
' If we exit the function before we get to the end, the default 'skip to next rule'
' will be used.
'Fields.ActionQuit = 100

' This script will parse a Cisco Firewall syslog file and pass the source IP and hostname
' to custom variables. These values can then be passed to other actions.

'
' Ensure that the Fields read/write permissions are set as below...
'
'                Read | Write
' Common fields    X  |
' Other fields        |
' Custom fields       |  X
'
'
' Dim M
' M = Fields.VarCleanMessageText
 Dim M As String
    M = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group outside_access_in"


' We want to find the source IP address and pass it to custom variables

 GetT (M)

'Fields.VarCustom01 = src_addr01
'Fields.VarCustom02 = src_addr02
'Fields.VarCustom03 = C
MsgBox "VarCustom01 is " & src_addr01
MsgBox "VarCustom02 is " & src_addr02
MsgBox "VarCustom03 is " & C

' Since we have a valid match, we want to execute the send e-mail action which follows.
' Setting ActionQuit to 0 means we won't skip any actions.
'Fields.ActionQuit = 0
 


 
' Set the return value to OK
Main = "OK"
End Function

 

by: brian_appliedcpuPosted on 2004-05-24 at 08:55:09ID: 11144127

OK I know you havn't responded...but I kept plugging away at it and I am ready to accept an answer.

mccainz2 was the first to answer and although i ended up not using his script he was very helpful in explaining the parsing process so I would like to give him 100 points.

brettdj you were awesome so you would get the other 400.

If anyone objects or would like to comment please do.

I will close this out within 12 hours if I do not hear from anyone.

Thank you all

 

by: brettdjPosted on 2004-05-24 at 15:58:28ID: 11147369

Hi Brian,

Sorry, my timezone often doen't align well with the rest of EE.

Is your sub still not parsing the data correctly? I've answered a number of parsing questions in VB and I've always tested them using the VBScript RegExp object in Excel VBA - I'm not sure why this one isn 't working

Maybe its worth posting another link to this question to see if there is someone who knows why the Kiwi Syslog server doesn't like it?

Cheers

Dave

 

by: brian_appliedcpuPosted on 2004-05-24 at 18:40:55ID: 11148089

No....and yes

For the most part it is but it appears to return the value if the pattern contains outside: but not src_addr.  I replaced the line  If subm(0) = "outside:" Then with  If subm(0) = "src_addr=" Then   and it works fine for those with src_addr but not outside:

Sub GetT(M, A, B, C)
Dim RegX, RegI, src_addr01, src_addr02
'Dim C
'C = M
'Dim C As String
  '  C = ":%PIX-4-106023: Deny tcp src outside:123.13.12.123/80 dst inside:24.24.90.123/5694 by access-group outside_access_in"
Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit Sub
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "outside:" Then
        VCustom01 = subm(1)
        MsgBox "VarCustom01 is " & VCustom01
        A = VarCustom01
        MsgBox "AVarCustom01 is " & A
    Else
        VCustom02 = subm(1)
        MsgBox "VarCustom02 is " & VCustom02
        B = VarCustom02
        MsgBox "BVarCustom02 is " & B
    End If

End Sub

 

by: brettdjPosted on 2004-05-24 at 19:03:30ID: 11148189


Can you please post the test string with the non src_addr match, I can think of a couple of possible reasons.

(1) Are you getting matches for both src_addr and outside in the same string?

If yes then the code needs changing as it currently only finds the first match

(2)
in an earlier example for src_addr there was a space before the number, ie
src_addr= 11.2.136.15

And the pattern is looking for this space
RegX.Pattern = "(outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"

Does your string have this space ? (Presumably yes if your code change worked)

Cheers

Dave

 

by: brian_appliedcpuPosted on 2004-05-25 at 05:14:57ID: 11150973

Possible string #1

:%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 24.123.90.231, src_addr= 65.6.123.15, prot= tcp


Possible string #2

:%PIX-4-106023: Deny tcp src outside:216.136.173.205/80 dst inside:24.123.90.231/49502 by access-group "outside_access_in"

The script receives only one string and i need to match only one item either the src_addr= or the outside:

Thanks for your diligence in solving this.

bkl

 

by: brettdjPosted on 2004-05-25 at 05:26:35ID: 11151048

Hi again,

both of these work for me in Excel if I take turns at setting those strings to C

VarCustom02 is 65.6.123.15
then
VarCustom01 is 216.136.173.205


Sub GetT()
Dim RegX, RegI, VarCustom01, VarCustom02
Dim C          As String
    C = ":%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr= 24.123.90.231, src_addr= 65.6.123.15, prot= tcp"
    'C = ":%PIX-4-106023: Deny tcp src outside:216.136.173.205/80 dst inside:24.123.90.231/49502 by access-group ""outside_access_in"""
      Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(src\s{1}outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit Sub
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "src outside:" Then
        VarCustom01 = subm(1)
        MsgBox "VarCustom01 is " & VarCustom01
    Else
        VarCustom02 = subm(1)
        MsgBox "VarCustom02 is " & VarCustom02
    End If
End Sub

 

by: brian_appliedcpuPosted on 2004-05-25 at 06:44:16ID: 11151730

I had screwed up in the declarations and when i renamed the value from B = VCustom02 i had B = VarCustom02 which had a value of "" so it was sending an empty string....
Are you ok with the points split?
Give my other open question a shot if you like, the link is listed at the bottom of this.


Sub GetT(M, A, B, C)
Dim RegX, RegI, VarCustom01, VarCustom02, VCustom01, VCustom02
Set RegX = CreateObject("vbscript.regexp")
    RegX.Pattern = "(outside:|src_addr= )(\d{1,3}\.\d{1,3}.\d{1,3}\.\d{1,3})"
    Set RegI = RegX.Execute(C)
    If RegI.Count = 0 Then Exit Sub
    'no matches
    Set subm = RegI(0).submatches
    If subm(0) = "outside:" Then
        VCustom01 = subm(1)
        MsgBox "VarCustom01 is " & VCustom01
        A = VCustom01
        MsgBox "AVarCustom01 is " & A
    Else
        VCustom02 = subm(1)
        MsgBox "VarCustom02 is " & VCustom02
        B = VCustom02
        MsgBox "BVarCustom02 is " & B
    End If

End Sub




http://www.experts-exchange.com/Programming/Q_21000625.html#11148344
 
   

 

by: brettdjPosted on 2004-05-25 at 15:52:06ID: 11156784

The points split is fine with me Brian

I'll wander off and have a look at your other question

Cheers

Dave

 

by: brian_appliedcpuPosted on 2004-05-25 at 16:04:47ID: 11156851

Sorry about the accepted vs the assisted, must have screwed up somewhere....
Is there someplace that I can fix it?

bkl

 

by: brettdjPosted on 2004-05-25 at 16:45:51ID: 11157032

Dont worry it doesn't matter. Thanks for the grade

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...