On Thu, Mar 1, 2012 at 12:18 PM, dan (ddp) <ddp...@gmail.com> wrote:
> It must be nice to have people do your work for you.

Sorry, but that is not my intention. I have been trying to resolve this problem since this morning.

>
> I'm not sure how it can match the decoder without matching everything.
> Are you using the exact decoder that Viktor posted? Or is there more
> there that might be getting in the way? The logs look basically the
> same.

Here are my decoders:

<decoder name="custom-checkpoint-fw">
  <prematch>"\d+" "\d+\w+\d+" "\d+:\d+:\d+" "(\S+)" "CHCKPNT1"</prematch>
  <regex offset="after_prematch">"\w+" "(\w+)" "\S+" "(\d+)" "(\S+)" "(\w+)" "(\w+)"</regex>
  <order>action,srcport,srcip,dstip,protocol</order>
</decoder>