Re: Help with filters please
On Thu, 24 Feb 2005 23:39:55 -0500, Chris [EMAIL PROTECTED] wrote:

>> [attack dropped]|scan dropped]|[sppf dropped]   Text   Yes

> This probably isn't the problem, but you're missing a '[' before scan.

Yeah; I manually typed it into the msg - they're in the actual filter, though.

--
Happy flappin'!
Corne' (aka Cory, The Batdmin)

Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Help with filters please
On Tue, 22 Feb 2005 13:13:17 +, Marck D Pearlstone [EMAIL PROTECTED] wrote:

> log-fw                  Sender   Yes
> alert                   Subject  Yes
> [scan|attack] dropped   Text     Yes

On v2.12.00 this did the trick:

log-fw                                          Sender   Yes
alert                                           Subject  Yes
[attack dropped]|scan dropped]|[sppf dropped]   Text     Yes

Apparently, using the | in between []'s isn't working - on v2.12.00. I'd say I had used this in my tests before, but alas... thanks again, Marck.

--
Happy flappin'!
Corne' (aka Cory, The Batdmin)
Re: Help with filters please
Cory @ 2005-Feb-24 4:27:14 AM Help with filters please mid:[EMAIL PROTECTED]

> [attack dropped]|scan dropped]|[sppf dropped]   Text   Yes

This probably isn't the problem, but you're missing a '[' before scan.

--
Chris
Quoting when replying to this message is good for your karma.
Using The Bat! v3.0.1.33 on Windows XP 5.1 Build 2600 Service Pack 2
Accessing a POP3 mailbox.

I'd love to go out with you, but I have to stay home and see if I snore.
Re: Help with filters please
On Tue, 22 Feb 2005 13:13:17 +, Marck D Pearlstone [EMAIL PROTECTED] wrote:

> I can try ... although you don't say which version you are using.

Thank you Marck - I omitted I'm at v2.12.00

> Filter text matching is case insensitive by default.

Aha, I thought so but my filtering results seemed contrary.

> Ah - well, [] and Regex cannot be used together. And I'm not sure that
> this applies in the same way to V3 filters. Sounds like you're using
> v2. This is not going to make it easy since nobody can test your
> filters or supply you with one.

Nobody using v2 anymore? Mhhh... (I'm not going to repeat the discussion, but as long as there's no solution for a number of existing bugs and HTML editing isn't improving, I see no reason to spend -corporate- money)

> That is a mess I'm afraid. You can't combine wildcards with regex as
> you have done here.

Yeah, I was afraid so :-\

> log-fw                  Sender   Yes
> alert                   Subject  Yes
> [scan|attack] dropped   Text     Yes

The filter is now as above, let's see how that works out (I didn't try any text outside the []'s, as I thought that would really not work at all with the space in there)

> ... (+ Alternative) ...

I realized I could have used Alternatives, but that requires repeating the first two strings ... I hate redundancy :-)

> Like I say - I don't have v1/2 or the v1/2 help file to verify any of
> the advice here.

Much appreciated anyway!! I'll update in a few hours (hopefully)

--
Happy flappin'!
Corne' (aka Cory, The Batdmin)
Help with filters please
Hi @ll,

Could someone please give me a hint on how to work this out?

I want to set up filtering for log messages where sender and subject contain similar strings, and body text contains (non-) capitalized lowercase phrases like scan dropped and Attack Dropped.

The use of [] and | isn't all that clear to me, and wildcards combined with regular expressions enabled isn't doing the trick either...

This set:

log-fw                            Sender   Yes
alert|Alert                       Subject  Yes
[?can ?ropped]|[?ttack ?ropped]   Text     Yes

...isn't hitting any msg,

Anyone? TIA!

--
Happy flappin'!
Corne' (aka Cory, The Batdmin)
Re: Help with filters please
Dear Cory,

@22-Feb-2005, 11:16 +0100 (22-Feb 10:16 UK time) Cory [C] in mid:[EMAIL PROTECTED] said:

C Could someone please give me a hint on how to work this out?

I can try ... although you don't say which version you are using.

C I want to set up filtering for log messages where sender and
C subject contain similar strings, and body text contains (non-)
C capitalized lowercase phrases like scan dropped and Attack
C Dropped.

Filter text matching is case insensitive by default.

C The use of [] and | isn't all that clear to me, and wildcards
C combined with regular expressions enabled isn't doing the trick
C either...

Ah - well, [] and Regex cannot be used together. And I'm not sure that this applies in the same way to V3 filters. Sounds like you're using v2. This is not going to make it easy since nobody can test your filters or supply you with one.

C This set:
C log-fw                            Sender   Yes
C alert|Alert                       Subject  Yes
C [?can ?ropped]|[?ttack ?ropped]   Text     Yes
C ...isn't hitting any msg,

That is a mess I'm afraid. You can't combine wildcards with regex as you have done here. Since the matching is case insensitive, just put the real characters in instead of the ? characters. V3 would eat this for breakfast. Try one or all of these:

(1)
log-fw                  Sender   Yes
alert                   Subject  Yes
[scan|attack] dropped   Text     Yes

(2)
log-fw                        Sender   Yes
alert                         Subject  Yes
scan dropped|attack dropped   Text     Yes

(3)
log-fw           Sender   Yes
alert            Subject  Yes
scan dropped     Text     Yes
(+ Alternative)
log-fw           Sender   Yes
alert            Subject  Yes
attack dropped   Text     Yes

Like I say - I don't have v1/2 or the v1/2 help file to verify any of the advice here.

--
Cheers -- //.arck D Pearlstone -- List moderator and fellow end user
TB! v3.0.2.10 on Windows XP 5.1.2600 Service Pack 2