from Slashdot: Cisco patents ‘Intrusion detection signature analysis using regular expressions and logical operators’.
That is so, so sad. Filed January 15, 1999. There’s got to be a stack of prior art.

A Google search throws up this trivial example first off: the use of snoop | egrep 'PATTERN1|PATTERN2|PATTERN3'. More searching reveals Lance Spitzner’s page on Intrusion Detection for Checkpoint FW-1, which looks like it was originally written in 1997. The alert.sh script there uses grep(1) plentifully.
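As an added example, not code from the original post and not Spitzner’s alert.sh: the snoop-and-egrep idea carried one step further, with the logical operators the patent title talks about (OR, AND, NOT) expressed using nothing but grep(1) over a handful of packet summaries. The summaries are constructed in the style of snoop output; the hosts, ports, payloads and the “allowed admin host” 10.0.0.1 are all hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post or from Spitzner's alert.sh.
# It carries the "snoop | egrep 'PATTERN1|PATTERN2|PATTERN3'" idea one step
# further: regex signatures combined with logical operators using only grep(1).
#   OR  -> alternation inside one extended regex (grep -E, i.e. egrep)
#   AND -> two greps chained in a pipeline
#   NOT -> grep -v to drop lines that would otherwise match
# The packet summaries below are CONSTRUCTED in the style of snoop output;
# the hosts, ports and payloads are hypothetical, not captured traffic.

set -u

# Constructed input: one packet summary per line.
sample_traffic() {
    cat <<'EOF'
10.0.0.5 -> 10.0.0.9  TCP D=80 S=40211 Syn Seq=1 Len=0 Win=8192
10.0.0.5 -> 10.0.0.9  HTTP GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
10.0.0.7 -> 10.0.0.9  HTTP GET /index.html
10.0.0.8 -> 10.0.0.9  TCP D=23 S=1030 Push Ack=5 Seq=9 Len=12
10.0.0.8 -> 10.0.0.9  TELNET C port=1030 root
10.0.0.1 -> 10.0.0.9  TELNET C port=1040 root
10.0.0.5 -> 10.0.0.9  HTTP GET /cgi-bin/test-cgi?*
10.0.0.6 -> 10.0.0.9  FTP C port=1031 USER anonymous
EOF
}

# Signature "cgi_probe" (OR): any one of three classic CGI probe names.
sig_cgi_probe() {
    grep -E 'phf\?|test-cgi|nph-test-cgi'
}

# Signature "passwd_over_http" (AND): an HTTP line that also names /etc/passwd.
sig_passwd_over_http() {
    grep 'HTTP' | grep '/etc/passwd'
}

# Signature "remote_root_telnet" (AND + NOT): a telnet login as root, except
# from the hypothetical admin host 10.0.0.1, which is allowed to do that.
sig_remote_root_telnet() {
    grep 'TELNET' | grep 'root$' | grep -v '^10\.0\.0\.1 '
}

# Run one signature function over the sample and return its match count.
count_matches() {
    sample_traffic | "$1" | wc -l | tr -d ' '
}

# Tag every matching line with the name of the signature that fired.
alert_report() {
    for sig in sig_cgi_probe sig_passwd_over_http sig_remote_root_telnet; do
        sample_traffic | "$sig" | sed "s/^/${sig#sig_}: /"
    done
}

alert_report
```

On real traffic you would replace sample_traffic with snoop (or tcpdump -A) on stdin; the three signature functions and the report loop stay the same, which is exactly why a 1999 filing date for this idea looks so thin.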