And what does <extra_data> mean in rules?
Does it support Regular Expression Syntax?
Now my rule is:
<group name="local,rsyslog,">
  <rule id="1050001" level="7">
    <decoded_as>rsyslog-pstats</decoded_as>
    <regex>^\S+\s+\d+:\s+\S+\s+failed=(\d+)</regex>
    <extra_data>^[1-9]+</extra_data>
    <description>Rsyslog Failed</description>
  </rule>
</group>
Looks like it cannot work?
Thanks & Best Regards
From: root
Sent: 2013-02-28 15:33
To: ossec-list
Subject: about ossec rules Regular Expression Syntax
Hi all,
I've got a question about OSSEC rules Regular Expression Syntax.
We know that when I want to match a number, I can use "\d" or "\d+".
But now, if I have a string like this:
"failed=0"=="failed=(\d+)"
I want to exclude "0". I use "failed=([1-9]+)", but it cannot match.
How can I do this?
Thanks & Best Regards
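
OSSEC's regex flavour (OS_Regex) has no bracket character classes, so `[1-9]` is not read as a digit range. One way to alert only on non-zero counts, given here as an added example that is not part of the original thread, is to keep the rule that matches any count and silence the zero case with a level-0 child rule; rule id 1050002 and the assumption that the counter is followed by a non-digit or the end of the line are illustrative.

```xml
<group name="local,rsyslog,">

  <!-- Parent: the poster's rule without the extra_data test.
       Fires for any failed=<number> line decoded as rsyslog-pstats. -->
  <rule id="1050001" level="7">
    <decoded_as>rsyslog-pstats</decoded_as>
    <regex>^\S+\s+\d+:\s+\S+\s+failed=(\d+)</regex>
    <description>Rsyslog Failed</description>
  </rule>

  <!-- Child (hypothetical id): evaluated only after 1050001 has matched.
       Level 0 produces no alert, so a count of exactly zero is dropped.
       \D and $ are assumptions about what follows the counter; they keep
       a value with further digits after the 0 from being silenced. -->
  <rule id="1050002" level="0">
    <if_sid>1050001</if_sid>
    <regex>failed=0\D|failed=0$</regex>
    <description>Rsyslog failed counter is zero (ignored)</description>
  </rule>

</group>
```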