Dear Cory,

@22-Feb-2005, 11:16 +0100 (22-Feb 10:16 UK time) Cory [C] in mid:[EMAIL PROTECTED] said:

C> Could someone please give me a hint on how to work this out?

I can try ... although you don't say which version you are using.

C> I want to set up filtering for log messages where sender and
C> subject contain similar strings, and body text contains (non-)
C> capitalized lowercase phrases like "scan dropped" and "Attack
C> Dropped".

Filter text matching is case insensitive by default.

C> The use of [] and "|" isn't all that clear to me, and wildcards
C> combined with "regular expressions" enabled isn't doing the trick
C> either...

Ah - well, [] and Regex cannot be used together. And I'm not sure that this applies in the same way to V3 filters. Sounds like you're using v2. This is not going to make it easy since nobody can test your filters or supply you with one.

C> This set:
C> log-fw Sender Yes
C> alert|Alert Subject Yes
C> [?can ?ropped]|[?ttack ?ropped]
C> Text Yes
C> ...isn't hitting any msg,

That is a mess I'm afraid. You can't combine wildcards with regex as you have done here. Since the matching is case insensitive, just put the real characters in instead of the ? characters. V3 would eat this for breakfast. Try one or all of these:

(1)
    log-fw                        Sender   Yes
    alert                         Subject  Yes
    [scan|attack] dropped         Text     Yes

(2)
    log-fw                        Sender   Yes
    alert                         Subject  Yes
    scan dropped|attack dropped   Text     Yes

(3)
    log-fw                        Sender   Yes
    alert                         Subject  Yes
    scan dropped                  Text     Yes

(+ Alternative)
    log-fw                        Sender   Yes
    alert                         Subject  Yes
    attack dropped                Text     Yes

Like I say - I don't have v1/2 or the v1/2 help file to verify any of the advice here.

-- 
Cheers -- //.arck D Pearlstone -- List moderator and fellow end user
TB! v3.0.2.10 on Windows XP 5.1.2600 Service Pack 2
________________________________________________ Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html