Dear Cory,
@22-Feb-2005, 11:16 +0100 (22-Feb 10:16 UK time) Cory [C] in mid:[EMAIL PROTECTED] said:
C> Could someone please give me a hint on how to work this out?
I can try ... although you don't say which version you are using.
C> I want to set up filtering for log messages where sender and
C> subject contain similar strings, and body text contains (non-)
C> capitalized lowercase phrases like "scan dropped" and "Attack
C> Dropped".
Filter text matching is case insensitive by default.
C> The use of [] and "|" isn't all that clear to me, and wildcards
C> combined with "regular expressions" enabled isn't doing the trick
C> either...
Ah - well, [] and Regex cannot be used together. And I'm not sure that
this applies in the same way to V3 filters. Sounds like you're using
v2. This is not going to make it easy since nobody can test your
filters or supply you with one.
C> This set:
C> log-fw                            Sender   Yes
C> alert|Alert                       Subject  Yes
C> [?can ?ropped]|[?ttack ?ropped]   Text     Yes
C> ...isn't hitting any msg,
That is a mess I'm afraid. You can't combine wildcards with regex as
you have done here. Since the matching is case insensitive, just put
the real characters in instead of the ? characters. V3 would eat this
for breakfast.
Try one or all of these:
(1)
log-fw                        Sender   Yes
alert                         Subject  Yes
[scan|attack] dropped         Text     Yes

(2)
log-fw                        Sender   Yes
alert                         Subject  Yes
scan dropped|attack dropped   Text     Yes

(3)
log-fw                        Sender   Yes
alert                         Subject  Yes
scan dropped                  Text     Yes

(+ Alternative)
log-fw                        Sender   Yes
alert                         Subject  Yes
attack dropped                Text     Yes

Like I say - I don't have v1/2 or the v1/2 help file to verify any of
the advice here.
--
Cheers -- //.arck D Pearlstone -- List moderator and fellow end user
TB! v3.0.2.10 on Windows XP 5.1.2600 Service Pack 2
________________________________________________ Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html

