Maybe, OK, I'll try it. Later I will post the expression if I get it.

Thanks.

On Thursday, December 8, 2016 at 1:58:27 PM UTC-3, Jochen Schalanda wrote:
>
> Hi Martin,
>
> your regular expression has to work with Java's regular expression engine.
>
> You can use http://www.regexplanet.com/advanced/java/index.html to fiddle 
> around with the regular expression and your message.
>
> Cheers,
> Jochen
>
> On Thursday, 8 December 2016 17:36:24 UTC+1, Martin Germano wrote:
>>
>>
>>   Hi Jochen, for example this msg:
>>
>> "date=2016-12-07 time=17:43:01 logid=0262034961 type=utm* subtype=virus* 
>> eventtype=scanerror level=notice vd="root" *msg="File* reached 
>> uncompressed size limit." action=monitored service=HTTP sessionid=3723464* 
>> srcip=1.1.1.1 dstip=2.2.2.2* srcport=17633 dstport=80 srcintf="port1" 
>> dstintf="port2" proto=6 direction=incoming 
>> filename="2017-calendar-template.zip" quarskip=No-skip url="
>> http://downloadscdn3.freepik.com/d/911040/1107/1/212/2017-calendar-template.zip?ttl=1481143658&token=24b45d89f0dbd3e92d1fe274ff03cb87";
>>  
>> profile="default" user="" agent="Mozilla/5.0" 
>> analyticscksum="f08144093ffdea250ba225babade9e25e5e9f399dd93bdc21fa9b5fd49efc050"
>>  
>> analyticssubmit=false crscore=50 crlevel=critical"
>>
>> I put all matches in bold letters.
>>
>> Regex: 
>> (srcip=)|(dstip=)|(subtype=virus)|(attack=[^\s]+)|(msg=[^\s]+)|(\d{*.}\d)|\b(?:\d{1,3}\.){3}\d{1,3}
>>
>> I use this online software: http://regexr.com/
>>
>>
>>
>> Thanks.
>>   
>>
>>
>> On Thursday, December 8, 2016 at 7:25:44 AM UTC-3, Jochen Schalanda wrote:
>>>
>>> Hi Martin,
>>>
>>> which message should be matched by this regular expression and what 
>>> should be the result in your opinion?
>>>
>>> It looks a bit strange to me.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Wednesday, 7 December 2016 22:33:42 UTC+1, Martin Germano wrote:
>>>>
>>>>
>>>>   Hi all, I'm a newbie on Graylog:
>>>>
>>>>   I am trying to get this regex to work:
>>>>
>>>>
>>>>> (srcip=)|(dstip=)|(subtype=virus)|(attack=[^\s]+)|(msg=[^\s]+)|(\d{*.}\d)|\b(?:\d{1,3}\.){3}\d{1,3}
>>>>>
>>>>   
>>>>   I get this error:
>>>>   
>>>> *Could not try regular expression. Make sure that it is valid.*
>>>>
>>>> *Details: Error: cannot POST 
>>>> http://10.10.10.10:13900/tools/regex_tester (500)*
>>>>
>>>>   But when I test it on this online tool, it works fine.
>>>>
>>>>   https://regex101.com/  (JavaScript)
>>>>
>>>>   Any ideas?!
>>>>   Thanks.
>>>>   
>>>>
>>>>
>>>>
>>>>
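
A way to check a pattern against Java's regular expression engine locally before pasting it into Graylog, as an added example that is not part of the original thread: it compiles the posted regex with `java.util.regex` and reports any `PatternSyntaxException` with its position, then runs a variant over a log line. The class name, the variant pattern (the posted one with the `(\d{*.}\d)` branch left out) and the shortened sample line are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class JavaRegexPreflight {

    // Regex exactly as posted in the thread (backslashes doubled for a Java string literal).
    static final String POSTED =
        "(srcip=)|(dstip=)|(subtype=virus)|(attack=[^\\s]+)|(msg=[^\\s]+)|(\\d{*.}\\d)|\\b(?:\\d{1,3}\\.){3}\\d{1,3}";

    // Assumption: the same alternatives with the (\d{*.}\d) branch left out.
    static final String WITHOUT_BRANCH =
        "(srcip=)|(dstip=)|(subtype=virus)|(attack=[^\\s]+)|(msg=[^\\s]+)|\\b(?:\\d{1,3}\\.){3}\\d{1,3}";

    // Constructed sample: a shortened form of the log line quoted in the thread.
    static final String SAMPLE =
        "date=2016-12-07 time=17:43:01 type=utm subtype=virus "
        + "msg=\"File reached uncompressed size limit.\" srcip=1.1.1.1 dstip=2.2.2.2 srcport=17633";

    /** Returns null if java.util.regex accepts the pattern, otherwise the error and its index. */
    static String syntaxError(String regex) {
        try {
            Pattern.compile(regex);
            return null;
        } catch (PatternSyntaxException e) {
            return e.getDescription() + " at index " + e.getIndex();
        }
    }

    /** Collects every non-overlapping match of a pattern that is known to compile. */
    static List<String> matches(String regex, String input) {
        List<String> out = new ArrayList<>();
        Matcher m = Pattern.compile(regex).matcher(input);
        while (m.find()) out.add(m.group());
        return out;
    }

    public static void main(String[] args) {
        for (String regex : new String[] {POSTED, WITHOUT_BRANCH}) {
            String err = syntaxError(regex);
            System.out.println(regex);
            if (err != null) { System.out.println("  rejected: " + err); continue; }
            System.out.println("  matches: " + matches(regex, SAMPLE));
        }
    }
}
```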
