Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Zeek regular expression consumes a lot of memory #450

Open
shuaidonga opened this issue Jul 2, 2019 · 2 comments

Comments

Projects
None yet
4 participants
@shuaidonga
Copy link

commented Jul 2, 2019

After writing a zeek regex that matches the phone number, the zeek work consumes a huge increase in memory.
The following is my matching regular expression script
image
image
The above processing will consume a lot of memory, is there any good solution?

@ZekeMedley

This comment has been minimized.

Copy link
Member

commented Jul 2, 2019

Sorry about the high memory use. If the pattern matching is really what is so expensive, some quick thoughts:

  1. I'd imagine that the event http_message_done is happening with some frequency. Even if the pattern matching is fairly low cost, that cost could add up if you're doing it every time a http message finishes. Maybe there is a way you could narrow that down?

  2. In assert_num11_not_contain_num12 could you just match against /[0-9]{11}([^0-9]|$)/? My regex is a little rusty, but the idea there is to match against 11 numbers and then something else or the end of the text. That way you don't have to check for an 11 digit number and then a 12 digit one. You could also try and just add a check like that to the end of your mobile_regex and then match that against the response body.

@jsiwek jsiwek added the Area: Regex label Jul 9, 2019

@JustinAzoff

This comment has been minimized.

Copy link
Contributor

commented Jul 10, 2019

Can you attach those files as text instead of images?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.