Hi *,

I was implementing new rules with lookups against CDB lists using the 'match_key_value'. The goal is to look up a key AND the associated value with a regex. Example:

    <list field="user" lookup="match_key_value" check_value="^admin">lists/users</list>

After a lot of tests and coffee, it was impossible to make this rule work! And
for a good reason: the source code contained:

    case LR_STRING_MATCH_VALUE:
        //debug1("LR_STRING_MATCH_VALUE");
        // XXX TODO
        return 0;
        break;

This was also reported in a previous post in July 2012
(https://groups.google.com/forum/#!msg/ossec-list/EeO8uuV-TYc/Y9U_VoztlBgJ).
I really needed this feature and wrote a patch to implement it (attached to
this message). It is based on a stock 2.7 source tree and only one file
must be patched. I tested it, working for me!
/x
lists_list.c.patch
Description: Binary data
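
The lookup semantics described in the message above (the key must be present in the list AND its stored value must match the check_value regex), as an added example that is neither the attached patch nor OSSEC code. It assumes POSIX regex.h in place of OSSEC's own matcher and an in-memory table of constructed sample data in place of the compiled CDB file; list_get, match_key_value and lookup_user are hypothetical names.

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a compiled CDB list of key:value pairs. */
struct kv { const char *key; const char *value; };
static const struct kv sample_list[] = {
    { "root",  "admin-unix" },
    { "alice", "admin-web"  },
    { "bob",   "staff"      },
    { "carol", "nonadmin"   },
};

/* Hypothetical helper: return the value stored for key, or NULL. */
static const char *list_get(const struct kv *list, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i].key, key) == 0)
            return list[i].value;
    return NULL;
}

/* Returns 1 only if key exists AND its value matches check_value. */
int match_key_value(const struct kv *list, size_t n,
                    const char *key, const char *check_value)
{
    regex_t re;
    const char *value;
    int hit;

    if (key == NULL || check_value == NULL)
        return 0;
    value = list_get(list, n, key);
    if (value == NULL)
        return 0;                 /* key absent: no match */
    if (regcomp(&re, check_value, REG_EXTENDED | REG_NOSUB) != 0)
        return 0;                 /* bad pattern: treat as no match */
    hit = (regexec(&re, value, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

/* Equivalent of the rule in the message: field "user", list lists/users. */
int lookup_user(const char *user, const char *check_value)
{
    return match_key_value(sample_list,
                           sizeof sample_list / sizeof sample_list[0],
                           user, check_value);
}
```

The "carol" entry shows why the anchor in "^admin" matters: her value contains "admin" but does not start with it, so the rule would not fire for her.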
