Ruby: How do you use .uniq! on an array to look for duplicates based on a regex .scan?


I'm having a hard time grasping the .uniq! method. I'm trying to remove duplicate IPS alerts in the view.

If I use the original code, I receive the IPS alerts in the index view. For example, when showing the alerts, if I receive 500 alerts they can be condensed down to 1 alert based on signature ID (sid), source IP (ip_src), and destination IP (ip_dst). If I append .uniq! (if that's how it should be used) I don't get different results. I assume it does not work because the timestamps and source ports are not the same, so every message is unique. Here are 2 sample messages that should be 1 instead of two.

04/04-16:13:47.451062 [**] [1:10000001:1] <dna0:dna1> drop - wp-admin attempt [**] [classification: web application attack] [priority: 1] {tcp} 10.17.21.37:55749 -> 173.239.96.163:80

04/04-16:13:28.474894 [**] [1:10000001:1] <dna0:dna1> drop - wp-admin attempt [**] [classification: web application attack] [priority: 1] {tcp} 10.17.21.37:55707 -> 173.239.96.163:80

I want to use the signature ID (sid), source IP (ip_src), and destination IP (ip_dst) of every message, and remove duplicates.

I used the .scan method to find the signature ID, source IP, and destination IP. I built sid, ip_src, and ip_dst. I'm stuck on the line @filtered_snort_detail_query.push(ips_detail).uniq! and do not know how I need to use the information in sid, ip_src, ip_dst to make @filtered_snort_detail_query pass unique alerts to the view.

Index view:

    <% if @filtered_snort_detail_query.count > 0 %>
      <table>
        <tr>
          <th>timestamp</th>
          <th>tag info</th>
          <th>message</th>
        </tr>
        <% @filtered_snort_detail_query.each do |d|
             text_msg = d['_source']['message']
             if d['_source']['message'].nil?
             end
        %>
          <tr>
            <td class='timestamp'><%= d['_source']['@timestamp'].to_time %></td>
            <td class='tags'><%= d['_source']['tags'] %></td>
            <td class='message'><%= text_msg %></td>
          </tr>
        <% end %>
      </table>
    <% else %>
      <div> no results returned. </div>
    <% end %>

Original code:

    if @es_snort_detail_query.count > 0
      @filtered_snort_detail_query = Array.new
      @es_snort_detail_query.each do |ips_detail|
        # Keep only snort-ips documents that are newer than @ts.
        next if ips_detail['_source']['type'] != 'snort-ips'
        next if ips_detail['_source']['@timestamp'] < @ts
        @filtered_snort_detail_query.push(ips_detail)
      end
    end

Modified code:

    if @es_snort_detail_query.count > 0
      sid = Array.new
      ip_src = Array.new
      ip_dst = Array.new
      @filtered_snort_detail_query = Array.new
      @es_snort_detail_query.each do |ips_detail|
        next if ips_detail['_source']['type'] != 'snort-ips'
        next if ips_detail['_source']['@timestamp'] < @ts
        if ips_detail['_source']['message'].nil?
          text_msg = ips_detail['_source']['message']
        else
          text_msg = ips_detail['_source']['message']
        end
        unless text_msg.nil?
          # [gid:sid:rev] triple, then every dotted-quad address in the message.
          sid_data = text_msg.scan(/\[\d+:\d+:\d+\]/)
          src_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
          dst_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
          sid.push(sid_data[0]) unless sid_data[0].nil?
          ip_src.push(src_ip_data[0]) unless src_ip_data[0].nil?
          ip_dst.push(dst_ip_data[1]) unless dst_ip_data[1].nil?

          # uniq! compares whole documents here, so nothing is removed.
          @filtered_snort_detail_query.push(ips_detail).uniq!
          #[{:unique_ids => sid}, {:unique_ids => ip_src}, {:unique_ids => ip_dst}]
        end
      end
    end

You can pass a block to uniq to tell it how you want to dedup the array:

    @filtered_snort_detail_query = @es_snort_detail_query.reject do |ips_detail|
      ips_detail['_source']['type'] != 'snort-ips' || ips_detail['_source']['@timestamp'] < @ts
    end.uniq do |ips_detail|
      if ips_detail['_source']['message'].nil?
        text_msg = ips_detail['_source']['message']
      else
        text_msg = ips_detail['_source']['message']
      end
      # The block's return value is the dedup key; a nil message yields a nil key.
      unless text_msg.nil?
        sid_data = text_msg.scan(/\[\d+:\d+:\d+\]/)
        src_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
        dst_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)
        [sid_data, src_ip_data, dst_ip_data]
      end
    end
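
The block-based dedup described above, as an added example that is not part of the original question or answer: it builds the key from one regex so ports and timestamps never enter it, keeps unparsable messages separate, and counts the alerts behind each key. `IPV4`, `ALERT_RE`, `alert_key`, `dedup_alerts`, `alert_counts`, `PREFIX` and `SAMPLE_DOCS` are hypothetical names; the type and timestamp filter from the answer is left out.

```ruby
# Added example, not code from the post. All names below are hypothetical.

# One pass over the message: captures the [gid:sid:rev] triple and the two
# endpoint addresses. Ports are matched but not captured, so they never
# enter the key; alerts without ports (e.g. ICMP) still match.
IPV4 = /(?:\d{1,3}\.){3}\d{1,3}/
ALERT_RE = /\[(\d+:\d+:\d+)\].*?(#{IPV4})(?::\d+)?\s+->\s+(#{IPV4})/

# Returns [sid, ip_src, ip_dst], or nil for a missing or unparsable message.
def alert_key(doc)
  msg = doc.dig('_source', 'message')
  match = msg && ALERT_RE.match(msg)
  match && match.captures
end

# Keeps the first alert per key. Alerts with no key fall back to their own
# object_id, so they are never merged with each other.
def dedup_alerts(docs)
  docs.uniq { |doc| alert_key(doc) || doc.object_id }
end

# Number of raw alerts behind each key, e.g. to show "x500" next to a row.
def alert_counts(docs)
  docs.each_with_object(Hash.new(0)) do |doc, counts|
    key = alert_key(doc)
    counts[key] += 1 if key
  end
end

# The first two messages are the question's samples; the rest are constructed.
PREFIX = '[**] [1:10000001:1] <dna0:dna1> drop - wp-admin attempt [**] ' \
         '[classification: web application attack] [priority: 1] {tcp} '
SAMPLE_DOCS = [
  "04/04-16:13:47.451062 #{PREFIX}10.17.21.37:55749 -> 173.239.96.163:80",
  "04/04-16:13:28.474894 #{PREFIX}10.17.21.37:55707 -> 173.239.96.163:80",
  "04/04-16:14:02.000000 #{PREFIX}10.17.21.37:55801 -> 192.0.2.10:80",
  'not a snort alert',
  nil
].map { |message| { '_source' => { 'message' => message } } }

if $PROGRAM_NAME == __FILE__
  dedup_alerts(SAMPLE_DOCS).each { |doc| puts doc['_source']['message'].inspect }
  alert_counts(SAMPLE_DOCS).each { |key, n| puts "#{key.join(' ')} x#{n}" }
end
```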
