these are my logs and i need to grab complete .exe filenames:
1366986567.625 41 94.229.0.20 TCP_DENIED/403 1896 GET http://193.142.244.17/lxkj3824y896yursilh/5492.exe cindy@demo.com NONE/- - BLOCK_WBRS-DefaultGroup-Demo_Clients-NONE-NONE-NONE <nc,-8.7,-,-,-,-,-,-,-,-,-,-,-,-,-,nc,-> - -
1366984129.742 47 27.35.11.11 NONE/503 1890 GET http://topwinsystemscan.com/install/installpv.exe maximus@demo.com NONE/topwinsystemscan.com - OTHER-NONE-Demo_Clients-NONE-NONE-DefaultRouting <nc,dns,0,-,-,-,-,-,-,-,-,-,-,-,-,nc,-> - -
1366965031.191 8 203.172.197.2 TCP_DENIED/403 1866 GET http://81.174.66.128/.comete/10.exe tom@demo.com NONE/- - BLOCK_WBRS-DefaultGroup-Demo_Clients-NONE-NONE-NONE <nc,-6.0,-,-,-,-,-,-,-,-,-,-,-,-,-,nc,-> - -
this is my progress so far:
| rex field=_raw "http://[a-z0-9./]+(?<<exe>EXE>)[A-Za-z0-9].exe)"