Perl parse malformed XML files
I am writing a parser for Ossec's rules files in Perl.
I am using XML::Simple and it generally works fine, but some of the rules files in question are malformed: instead of having a single top-level <group> ... </group> element, they have several.
I have read perlfaq: http://perldoc.perl.org/perlfaq6.html#How-can-I-pull-out-lines-between-two-patterns-that-are-themselves-on-different-lines%3f
I can match the text using the example there, but all the matches come out run together as one block.
The CLI code I have for this operation is:
perl -ne 'print if /^<group name/ .. /^<\/group>/' attack_rules.xml
How do I separate the different matches?
Here is a sample of the malformed XML:
<!-- Privilege scalation messages -->
<group name="syslog,elevation_of_privilege,">
<rule id="40501" level="15" timeframe="300" frequency="2">
<if_group>adduser</if_group>
<if_matched_group>attacks</if_matched_group>
<description>Attacks followed by the addition </description>
<description>of an user.</description>
</rule>
</group> <!-- SYSLOG, ELEVATION_OF_PRIVILEGE, -->
<!-- Scan signatures -->
<group name="syslog,recon,">
<rule id="40601" level="10" frequency="10" timeframe="90" ignore="90">
<if_matched_group>connection_attempt</if_matched_group>
<description>Network scan from same source ip.</description>
<same_source_ip />
<info type="link">http://project.honeynet.org/papers/enemy2/</info>
</rule>
</group> <!-- SYSLOG,SCANS -->
If the only problem is "multiple roots", you can wrap each file's contents in <root>...</root> and parse the result.
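The wrapping idea could be sketched roughly as follows. This is only a minimal illustration, not a definitive implementation: `wrap_in_root` is a hypothetical helper name, the `<root>` element name is arbitrary, and the `ForceArray` / `KeyAttr` settings are one plausible choice for these rule files rather than anything the question specifies.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::Simple qw(XMLin);

# Hypothetical helper: slurp a rules file and wrap its contents in a
# synthetic <root> element so the text has exactly one top-level element.
sub wrap_in_root {
    my ($path) = @_;
    open my $fh, '<', $path or die "Cannot open $path: $!";
    local $/;                      # slurp mode: read the whole file at once
    my $content = <$fh>;
    close $fh;
    return "<root>\n$content\n</root>\n";
}

# Process every file named on the command line (does nothing if none given).
for my $file (@ARGV) {
    my $xml = wrap_in_root($file);

    # ForceArray keeps <group> and <rule> as lists even when only one exists;
    # KeyAttr => [] stops XML::Simple from folding elements into hashes keyed
    # on their "name" or "id" attributes.
    my $data = XMLin($xml, ForceArray => [qw(group rule)], KeyAttr => []);

    for my $group (@{ $data->{group} || [] }) {
        print "group: $group->{name}\n";
        for my $rule (@{ $group->{rule} || [] }) {
            print "  rule $rule->{id} (level $rule->{level})\n";
        }
    }
}
```

It could be run as `perl parse_rules.pl attack_rules.xml` (the script name is made up). Each <group> then arrives as a separate entry in `$data->{group}`, which also takes care of separating the matches. Note that this only works if the file has no XML declaration (`<?xml ...?>`) at the top, since a declaration is not allowed inside an element; such a line would have to be stripped before wrapping.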