Hi, could you give us a real example?.
Thanks On Wednesday, March 1, 2017 at 10:34:18 AM UTC-8, dan (ddpbsd) wrote: > > On Mon, Feb 27, 2017 at 2:50 PM, Jahchan, Georges J. > <gjah...@compucenter.org <javascript:>> wrote: > > That is not what I meant. > > > > If the source IP is decoded and stored in field srcip, I want to be able > to > > specify _srcip_ (or whatever convention used to tell regex that this is > a > > variable), and have _srcip_ replaced by the value saved as srcip in the > > event. > > > > If srcip is 10.0.0.1, specifying in the regex > > <regex>Some-regex-preceding-_srcip_-some regex tailing</regex> _srcip_ > in > > the regex would be dynamically replaced by its value (10.0.0.1) during > regex > > evaluation. > > > > There's no support for that. > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
