Hi everyone!
I'm having an issue when using the pipe ("|") character in my regex
matching rules.
As an example, I want to match error_log AND error.log, so I wrote this
regex: <regex>error(\.|_)log</regex>
The problem is that when I test it, I get an error:
cat /root/rule_tests/unknown_error.txt | /var/ossec/bin/ossec-logtest
2013/03/14 10:15:12 ossec-testrule: INFO: Reading local decoder file.
2013/03/14 10:15:12 ossec-analysisd(1450): ERROR: Syntax error on regex: 'error(\.|_)log': 7.
2013/03/14 10:15:12 ossec-testrule(1220): ERROR: Error loading the rules: 'local_rules.xml'.
I saw on this page that it is possible to use the "|" special char, but I
can't manage to use it properly.
Do you have some info to give on that problem?
Best regards