\_ Am 16. Jan, 2001 schwäzte Kevin Brown so:
\_ > I could check, but the perl script is over 100 pages long (yes I
\_ > printed it out for fun).  It was written by other people for
\_ > doing this.  This is a low priority for me since my prime job is
\_ > getting the NIDS working with SQL and logging it all to a db.
\_ 
\_ Search it for system calls. Those will kill you when you start checking a
\_ lot of data.

Grep is your friend in a long listing looking for particular things.

egrep system|\` 100-pages.pl 

should reveal most system calls, but if they've done it intelligently,
there's a wrapper and there is but one system call, wrapped by an
argument processer/logger.

egrep '[\.\+\)\(\*\?]{3,}' 100-pages.pl

YMMV on that last regex, but the man pages and seat of the pants
coding says it feels good for finking the potentially dangerous
regexen in the source code.  Unless, of course, they built up a hairy
regex in pieces, concatted them, and then run the happy pattern
against it. :-)

David