Ruby: How do you use .uniq! on an array to look for duplicates based on a regex .scan? -

-

i'm having hard time grasping .uniq! method. i'm trying remove duplicate ips alerts in view.

if use code in original code: receive alerts ips in index view:. show alerts, example; receive 500 alerts can condensed down 1 alert based on signature id (sid), source ip (ip_src), , destination ip (ip_dst). if append .uniq! (if thats how should used) don't different results, assume not work because timestamps , source ports not same, unique. here 2 sample messages should 1 instead of two.

04/04-16:13:47.451062 [**] [1:10000001:1] <dna0:dna1> drop - wp-admin attempt [**] [classification: web application attack] [priority: 1] {tcp} 10.17.21.37:55749 -> 173.239.96.163:80

04/04-16:13:28.474894 [**] [1:10000001:1] <dna0:dna1> drop - wp-admin attempt [**] [classification: web application attack] [priority: 1] {tcp} 10.17.21.37:55707 -> 173.239.96.163:80

i use signature id (sid), source ip (ip_src), , destination ip (ip_dst) of every message, , remove duplicates.

i used .scan method find signature id, source ip, , destination ip. buit sid, ip_src, ip_dst. i'm stuck on line @filtered_snort_detail_query.push(ips_detail).uniq! , not know how need use information in sid, ip_src, ip_dst make @filtered_snort_detail_query pass unique alerts view.

index view:

<% if @filtered_snort_detail_query.count > 0 %>   <table>       <tr>         <th>timestamp</th>         <th>tag info</th>         <th>message</th>       </tr>       <% @filtered_snort_detail_query.each |d|         text_msg = d['_source']['message']         if d['_source']['message'].nil?         end       %>           <tr>             <td class='timestamp'><%= d['_source']['@timestamp'].to_time %></td>             <td class='tags'><%= d['_source']['tags'] %></td>             <td class='message'><%= text_msg %></td>           </tr>       <% end %>      </table> <% else %>     <div> no results returned. </div> <% end %>

original code:

if @es_snort_detail_query.count > 0       @filtered_snort_detail_query = array.new       @es_snort_detail_query.each |ips_detail|         next if ips_detail['_source']['type'] != 'snort-ips'         next if ips_detail['_source']['@timestamp'] < @ts         @filtered_snort_detail_query.push(ips_detail)       end  end

modified code:

    if @es_snort_detail_query.count > 0       sid = array.new       ip_src = array.new       ip_dst = array.new       @filtered_snort_detail_query = array.new       @es_snort_detail_query.each |ips_detail|         next if ips_detail['_source']['type'] != 'snort-ips'         next if ips_detail['_source']['@timestamp'] < @ts         if ips_detail['_source']['message'].nil?           text_msg = ips_detail['_source']['message']         else           text_msg = ips_detail['_source']['message']         end         unless text_msg.nil?           sid_data = text_msg.scan(/\[\d+:\d+:\d+\]/)           src_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)           dst_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)           sid.push(sid_data[0]) unless sid_data[0].nil?           ip_src.push(src_ip_data[0]) unless src_ip_data[0].nil?           ip_dst.push(dst_ip_data[1]) unless dst_ip_data[1].nil?            @filtered_snort_detail_query.push(ips_detail).uniq!           #[{:unique_ids => sid}, {:unique_ids => ip_src}, {:unique_ids => ip_dst}]         end       end       end

you can pass block uniq tell how want dedup array:

@filtered_snort_detail_query = @es_snort_detail_query.reject |ips_detail|   ips_detail['_source']['type'] != 'snort-ips' || ips_detail['_source']['@timestamp'] < @ts end.uniq |ips_detail|   if ips_detail['_source']['message'].nil?     text_msg = ips_detail['_source']['message']   else     text_msg = ips_detail['_source']['message']   end   unless text_msg.nil?     sid_data = text_msg.scan(/\[\d+:\d+:\d+\]/)     src_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)     dst_ip_data = text_msg.scan(/(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)     [sid_data, src_ip_data, dst_ip_data]   end end

Comments

Post a Comment

Popular posts from this blog

c# - Unity IoC Lifetime per HttpRequest for UserStore -

-
i'm trying clean default implementation of accountcontroller.cs comes out of box in new mvc5/owin security implementation. have modified constructor this: private usermanager<applicationuser> usermanager; public accountcontroller(usermanager<applicationuser> usermanager) { this.usermanager = usermanager; } also, have created lifetime manager unity looks this: public class httpcontextlifetimemanager<t> : lifetimemanager, idisposable { private httpcontextbase _context = null; public httpcontextlifetimemanager() { _context = new httpcontextwrapper(httpcontext.current); } public httpcontextlifetimemanager(httpcontextbase context) { if (context == null) throw new argumentnullexception("context"); _context = context; } public void dispose() { this.removevalue(); } public override object get...
Read more

Change the color of an oval at click in Java AWT -

-
i have draw ovals in java, , @ click change color. beginning tried change color after 20 ms, doesn't work. my code is: public class mycomponentnew extends frame { public graphics2d g2d; public mycomponentnew(string title) { super(title); setsize(400, 550); } @override public void paint(graphics g) { this.g2d = (graphics2d) g; this.g2d.setcolor(color.red); this.g2d.filloval(10, 55, 50, 100); } public void changecolor () { this.g2d.setcolor(color.blue); this.g2d.filloval(10, 55, 50, 100); } } and in class main method have: mycomponentnew m; m = new mycomponentnew("fereastra cu baloane"); m.setvisible(true); m.addwindowlistener(new windowadapter() { @override public void windowclosing(windowevent we) { system.exit(0); } }); try { thread.sleep(20); } catch(interruptedexception e) {} m.changecolor(); the color of oval remains red. ...
Read more

I am trying to solve the error message 'incompatible ranks 0 and 1 in assignment' in a fortran 95 program. -

-
i writing program in fortran find velocity of parachuting person in relation time. keep getting error can't fix. new programming , appreciated. the error is v(i+1)=v(i)+[32-((c*v(i)*v(i))/m)]*(h) 1 error: incompatible ranks 0 , 1 in assignment @ (1) and program is program para integer :: real :: v(11) !velocity real :: q !initial velocity real :: h !time step real :: c !drag coefficient real :: m !mass ! gravity equal 32 ft/s^2 write (*,*)'enter time step' read(*,*)h write(*,*)'enter initial velocity' read(*,*)q write(*,*)'enter drag coefficient' read(*,*)c write(*,*)'enter mass' read(*,*)m i=1,10 ! 1 10, 1 being interval. end v(i+1)=v(i)+[32-((c*v(i)*v(i))/m)]*(h) q=v(1) end program you cannot use [] normal parenthesis in expressions. array constructor, [ items ] means array items elements. end do should after line.
Read more