Hi *,

I was implementing new rules with lookups against CDB lists using the 'match_key_value'. The goal is to look up a key AND the associated value with a regex. Example:

    <list field="user" lookup="match_key_value" check_value="^admin">lists/users</list>

After a lot of tests and coffee, it was impossible to make this rule work! And for a good reason: the source code contained:

    case LR_STRING_MATCH_VALUE:
        //debug1("LR_STRING_MATCH_VALUE");
        // XXX TODO
        return 0;
        break;

This was also reported in a previous post in July 2012 (https://groups.google.com/forum/#!msg/ossec-list/EeO8uuV-TYc/Y9U_VoztlBgJ).

I really needed this feature and wrote a patch to implement it (attached to this message). It is based on a stock 2.7 source tree and only one file must be patched. I tested it, working for me!

/x
lists_list.c.patch
Description: Binary data
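
Added example, not part of the original message and not the attached patch or OSSEC's code: a sketch of the behaviour the rule above expects from match_key_value, where the key must be in the list and its value must match check_value. It assumes POSIX regcomp/regexec in place of OSSEC's own regex library and a constructed in-memory table in place of the CDB file; list_find and match_key_value are hypothetical names.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample entries, in the "key:value" sense of a list file. */
struct kv { const char *key; const char *value; };
static const struct kv USERS[] = {
    { "alice", "admin-global" },
    { "bob",   "operator" },
    { "carol", "sysadmin" },  /* contains "admin" but does not start with it */
};

/* Hypothetical helper: exact-key lookup standing in for the CDB query. */
static const char *list_find(const char *key)
{
    for (size_t i = 0; i < sizeof(USERS) / sizeof(USERS[0]); i++)
        if (strcmp(USERS[i].key, key) == 0)
            return USERS[i].value;
    return NULL;
}

/*
 * Returns 1 only when the key is in the list AND its value matches the
 * pattern, 0 otherwise. A pattern that fails to compile is treated as
 * "no match" instead of matching every value.
 */
int match_key_value(const char *field, const char *check_value)
{
    regex_t re;
    const char *value = list_find(field);
    int hit;

    if (value == NULL || check_value == NULL)
        return 0;
    if (regcomp(&re, check_value, REG_EXTENDED | REG_NOSUB) != 0)
        return 0;
    hit = (regexec(&re, value, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

int main(void)
{
    const char *names[] = { "alice", "bob", "carol", "mallory" };
    for (size_t i = 0; i < 4; i++)
        printf("%-8s ^admin -> %d\n", names[i], match_key_value(names[i], "^admin"));
    return 0;
}
```

With the stub quoted in the message, every one of these lookups returns 0, so a rule using match_key_value never fires even for a key whose value does match.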