From f2880ec3d60dd9eb8091495eb053d21a2f837dd0 Mon Sep 17 00:00:00 2001
From: Marco Ochse <t3chn0m4g3@users.noreply.github.com>
Date: Sat, 21 Oct 2017 16:00:03 +0200
Subject: [PATCH] refine ip matching

fix regex to only match IPs at the beginning of a line
---
 docker/elk/logstash/dist/gen_iprep_map.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/elk/logstash/dist/gen_iprep_map.sh b/docker/elk/logstash/dist/gen_iprep_map.sh
index 9ca5ec11..f8dd60fc 100755
--- a/docker/elk/logstash/dist/gen_iprep_map.sh
+++ b/docker/elk/logstash/dist/gen_iprep_map.sh
@@ -43,9 +43,9 @@ local myFILE=$1
       myZIP=$(file $myFILE | grep -c "Zip")
       if [ "$myZIP" == "1" ]
         then
-          unzip -p $myFILE | grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b" | xargs -I '{}' prips '{}'
+          unzip -p $myFILE | grep -o -P "^\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b" | xargs -I '{}' prips '{}'
         else
-          grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b" $myFILE | xargs -I '{}' prips '{}'
+          grep -o -P "^\b(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}\b" $myFILE | xargs -I '{}' prips '{}'
       fi
   fi
 }
@@ -60,9 +60,9 @@ local myFILE=$1
       myZIP=$(file $myFILE | grep -c "Zip")
       if [ "$myZIP" == "1" ]
         then
-          unzip -p $myFILE | grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b"
+          unzip -p $myFILE | grep -o -P "^\b(?:\d{1,3}\.){3}\d{1,3}\b"
         else
-          grep -o -P "\b(?:\d{1,3}\.){3}\d{1,3}\b" $myFILE
+          grep -o -P "^\b(?:\d{1,3}\.){3}\d{1,3}\b" $myFILE
       fi
   fi
 }