I am trying to regex match a string like this:
video11.ord01.justin.tv
The digits can increment, “video” can be ‘video’ or ‘media’, and “ord” can be a number of things. Here’s the regex I’ve come up with:
^.*(get|GET)\s+((video|media)\d+\.)((ams|fra|lhr|arn|iad|mia|jfk|ord|dfw|lax)?\d?\.)((twitch|justin)\.(tv))$
I have a mangle rule matching this regex, which marks the connection, and another mangle rule that matches that connection and marks the packet. Neither has any traffic hitting it, although I’m fairly certain this should match properly. I’ve tried with and without the GET portion. Any ideas what I’m doing wrong?
Thanks!