• Support
  • Forums
  • Blogs

/usr/share/ossim/scripts/regexp.py sorting bug?


Entry Level
edited December 2012 in AlienVault USM Appliance > Sensor
Documentation states, that rules are sorted alphabetically before evaluation (see  http://communities.alienvault.com/docs/AlienVault Building Collector Plugins.pdf)

Code seems to do something different, it sorts keys() but iterates over something else. This does not matter, if each log-line is only matched by one rule, but fails if more than one rule can match and sorting is relevant.

    keys = rules.keys()
    for line in data:
        for rule in rules.iterkeys():
            rulename = rule
            regexp = get_entry(config, rule, 'regexp')
            if regexp is "":

Can someone confirm that?

Share post:

This discussion has been closed.