[Snort-users] pcre/regex help

John Hally JHally at EBSCO.COM
Fri Sep 29 08:04:55 EDT 2017

Hi All,

I’m trying to write a rule to capture email addresses being submitted to a web application and I cant seem to get the regex to work.

alert tcp $EXTERNAL_NET any -> any 80 (msg:"Target Email Detected"; pcre:"/.+\@.+\..+"; fast_pattern:only; nocase; classtype: Target Email Detected ;sid:1000023 ;)

I get the following error when running snort –T:

ERROR: /etc/snort/rules/local.rules Line 30 => unable to parse pcre regex ".+\@.+\..+"

Any help would be greatly appreciated!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170929/55612ae7/attachment.html>

More information about the Snort-users mailing list