found pipe = logical OR....
On Monday, March 28, 2016 at 3:11:30 PM UTC-4, Rob B wrote: > > PS. Almost forgot to add : > > What does this mean? ^1000$|^1002$ > > The "^" and the '$' before the pipe really has me perplexed. > > Thx. > > > > On Monday, March 28, 2016 at 3:07:30 PM UTC-4, Rob B wrote: >> >> Heya Folks, >> >> I've been looking for the docs that explain the difference between the >> use of the '|" and the "," when specifying the id numbers within a rule. I >> cant find anything that explains the use. >> >> Could someone explain to me the differences by way of use? or provide a >> link that I may have missed? >> >> >> >> Two arbitrary use case EXAMPLES of what I am after is: >> >> A.) Within sid 18103, look for id 12345 followed by 12346, followed by >> 12347 >> B.) Within sid 18103, look for id 11234 and 11254 >> >> >> Thank you! >> >> R.B. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
