Understanding BRE Syntax

The ESI (External Services Interface) syslog parser supports regular expressions created using the BRE (Basic Regular Expression) syntax described in this section. ESI provides an open interface for integrating security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance. The BRE syntax standards, designed by the IEEE, extend the traditional Simple Regular Expressions syntax and allow consistency between utility programs such as grep, sed, and awk. BRE syntax consists of instructions used to define the search or match target: character-matching operators (described in Table 1), repetition operators (described in Table 2), or expression anchors (described in Table 3).

The sections below provide information on character matching and generally used regular expressions.

Character-Matching Operators

Character-matching operators define what the search will match.

Table 1: Character-matching operators in regular expressions

| Operator | Description | Sample | Result |
|---|---|---|---|
| . | Match any one character. | grep .ord sample.txt | Matches ford, lord, 2ord, etc. in the file sample.txt. |
| [ ] | Match any one character listed between the brackets | grep [cng]ord sample.txt | Matches only cord, nord, and gord |
| [^] | Match any one character not listed between the brackets | grep [^cn]ord sample.txt | Matches lord, 2ord, etc., but not cord or nord |
| | | grep [a-zA-Z]ord sample.txt | Matches aord, bord, Aord, Bord, etc. |
| | | grep [^0-9]ord sample.txt | Matches Aord, aord, etc., but not 2ord, etc. |

Regular Expression Repetition Operators

Repetition operators are quantifiers that describe how many times to search for a specified string. Use them in conjunction with the character-matching operators in Table 2 to search for multiple characters.

Table 2: Regular expression repetition operators

| Operator | Description | Sample | Result |
|---|---|---|---|
| ? | Match any character one time if it exists | egrep "?erd" sample.txt | Matches berd, herd, etc., erd |
| * | Match declared element multiple times if it exists | egrep "n.*rd" sample.txt | Matches nerd, nrd, neard, etc. |
| + | Match declared element one or more times | egrep "[n]+erd" sample.txt | Matches nerd, nnerd, etc., but not erd |
| {n} | Match declared element exactly n times | egrep "[a-z]{2}erd" sample.txt | Matches cherd, blerd, etc., but not nerd, erd, buzzerd, etc. |
| {n,} | Match declared element at least n times | egrep ".{2,}erd" sample.txt | Matches cherd and buzzerd, but not nerd |
| {n,N} | Match declared element at least n times, but not more than N times | egrep "n[e]{1,2}rd" sample.txt | Matches nerd and neerd |

Regular Expression Anchors

Anchors describe where to match the pattern, and are a handy tool for searching for common string combinations. Some of the anchor examples use the vi line editor command :s, which stands for substitute. That command uses the syntax: s/pattern_to_match/pattern_to_substitute.

Table 3: Regular expression anchors

| Operator | Description | Sample | Result |
|---|---|---|---|
| ^ | Match at the beginning of a line | s/^/blah / | Inserts “blah” at the beginning of the line |
| $ | Match at the end of a line | s/$/ blah/ | Inserts “ blah” at the end of the line |
| \< | Match at the beginning of a word | s/\</blah/ | Inserts “blah” at the beginning of the word |
| | | egrep "\<blah" sample.txt | Matches blahfield, etc. |
| \> | Match at the end of a word | s/\>/blah/ | Inserts “blah” at the end of the word |
| | | egrep "\>blah" sample.txt | Matches soupblah, etc. |
| \b | Match at the beginning or end of a word | egrep "\bblah" sample.txt | Matches blahcake and countblah |
| \B | Match in the middle of a word | egrep "\Bblah" sample.txt | Matches sublahper, etc. |
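
The operators from Tables 1 to 3 combined against syslog-style input, as an added example that is not part of the original documentation: it compares a loose pattern with one that uses anchors and bounded repetition. It uses grep -E (as the egrep samples above do) and sed rather than the ESI parser's own rule syntax; the log lines, the hostname fw01 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample syslog lines (not real device output).
sample_log() {
cat <<'EOF'
Mar  3 10:15:02 fw01 av: Virus detected src=10.1.1.25 name=EICAR
Mar  3 10:15:09 fw01 av: Virus detected src=10.1.1.250 name=EICAR
Mar  3 10:16:41 fw01 web: GET /search?q=Virus detected src=10.9.9.9 from 10.1.1.30
Mar  3 10:17:00 fw01 av: Scan complete src=10.1.1.25
Mar  3 10:17:12 fw01 av: Virus detected src=10.1.1 name=truncated
EOF
}

# Loose: a character class plus "+" only; matches anywhere in the line.
LOOSE='Virus detected src=[0-9.]+'

# Strict: ^ and $ pin the whole line, [^ ]+ skips the hostname,
# {1,3} bounds each octet, and the "av:" tag must precede the alert text.
STRICT='^[A-Z][a-z]{2} +[0-9]{1,2} [0-9:]{8} [^ ]+ av: Virus detected src=([0-9]{1,3}\.){3}[0-9]{1,3} name=[^ ]+$'

# Count the sample lines that a pattern accepts.
count_matches() { sample_log | grep -E -c "$1"; }

# Print the source address from each line the strict pattern accepts.
strict_sources() {
  sample_log | grep -E "$STRICT" | sed 's/.* src=\([0-9.]*\) .*/\1/'
}

echo "loose: $(count_matches "$LOOSE")  strict: $(count_matches "$STRICT")"
strict_sources
```

The loose pattern also accepts the web request line, where the alert text appears inside a request field, and the line with an incomplete address; the anchored pattern rejects both.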
