Regex to match Bro IDS logs

-2

How to write a regular expression to get CN, O, ST, C in the strings if they exist.

Example input:

{"ts":1537159826.804384,"uid":"CGvaSh4uPO39lxSdU2","id.orig_h":"192.168.8.32","id.orig_p":1287,"id.resp_h":"192.168.1.199","id.resp_p":13000,"version":"TLSv12","cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","resumed":false,"established":true,"cert_chain_fuids":["FjgtKQ1uIs3Qgvb6o1","F6iQCy1iLY2CIshua7"],"client_cert_chain_fuids":[],"subject":"CN=Kaspersky-Srv","issuer":"CN=Kaspersky-Srv","validation_status":"self signed certificate in certificate chain"}
{"ts":1537159827.160892,"uid":"CZzMLE3PcfJtCnyied","id.orig_h":"192.168.1.242","id.orig_p":55805,"id.resp_h":"192.168.4.27","id.resp_p":443,"version":"TLSv10","cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","curve":"secp256r1","resumed":false,"established":true,"cert_chain_fuids":["F7MofV1dAQafCQAoS8","FdZJdr24uytt51AcGc"],"client_cert_chain_fuids":[],"subject":"[email protected],CN=192.168.4.27,OU=VMware Engineering,O=VMware,L=Palo Alto,ST=California,C=US","issuer":"O=vcenter-Srv,C=US,DC=local,DC=vsphere,CN=CA","validation_status":"self signed certificate in certificate chain"}
hamid sha
JSON and regex are not good friends. Use a parser; it's simpler, faster and much easier to maintain.
Toto

Answers:

0
perl -lane 'print "$1 $3 $5 $7" if /CN=([^",]*)(.*?O=([^",]*))?(.*?ST=([^",]*))?(.*?C=([^",]*))?/' input.json

Output:

Kaspersky-Srv
192.168.4.27 VMware California US
simlev
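The parser approach suggested in the comment above, as an added example that is not part of the original question or answer: each line is decoded as JSON and only the `subject` field is split into attributes, so values from `issuer` can never be picked up. The sample records are constructed, the function names are hypothetical, and it assumes commas inside a value are escaped as `\,`.

```python
import json
import re

WANTED = ("CN", "O", "ST", "C")

# Constructed sample records in the shape of the ssl.log lines above (shortened).
SAMPLE = [
    r'{"uid":"C1","subject":"CN=Kaspersky-Srv","issuer":"CN=Kaspersky-Srv"}',
    r'{"uid":"C2","subject":"CN=192.168.4.27,OU=VMware Engineering,O=VMware,'
    r'L=Palo Alto,ST=California,C=US","issuer":"O=vcenter-Srv,C=US,CN=CA"}',
    # Subject has no C; issuer does. Value of O contains an escaped comma.
    r'{"uid":"C3","subject":"CN=host.example,O=Example\\, Inc.",'
    r'"issuer":"O=Other CA,C=DE"}',
    r'{"uid":"C4","version":"TLSv12"}',   # no certificate subject logged
    'not json',                            # truncated or corrupt line
]


def parse_dn(dn):
    """Split a DN string into {attribute: value}; first occurrence wins."""
    attrs = {}
    # Assumption: a comma inside a value is escaped as "\,"; split on the rest.
    for rdn in re.split(r'(?<!\\),', dn):
        key, sep, value = rdn.partition("=")
        if sep:
            attrs.setdefault(key.strip().upper(), value.replace("\\,", ","))
    return attrs


def subject_fields(line):
    """Return CN/O/ST/C from the subject of one log line, or None if absent."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None
    subject = record.get("subject") if isinstance(record, dict) else None
    if not isinstance(subject, str):
        return None
    attrs = parse_dn(subject)
    # Missing attributes are reported as None instead of shifting columns.
    return {name: attrs.get(name) for name in WANTED}


if __name__ == "__main__":
    for line in SAMPLE:
        print(subject_fields(line))
```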