[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] regex problem in OSSEC?

To: <ossec-list@xxxxxxxxx>
Subject: [ossec-list] regex problem in OSSEC?
From: "Mark Haney" <mhaney@xxxxxxxxxxxxxxxx>
Date: Thu, 08 Feb 2007 09:09:36 -0500
Content-class: urn:content-classes:message
Content-transfer-encoding: 7bit
Importance: normal
Priority: normal
Thread-index: AcdLisM0jnhl/103QEqxcLe0brz5Qw==

I've encountered what I think is a problem in OSSEC with regularexpressions. I have a rule that looks like this:


<rule id="1820" level="8" timeframe="30">
	  <regex>partially</regex>
	  <if_matched_regex>completed, but with some warnings$</if_matched_regex>
	  <description>Partial backup of data</description>
  </rule>

However, the regex searching for 'partially' doesn't fire at all if Itake out the <if> part. Shouldn't the <regex> tag work like a <match>tag if there aren't any regex meta characters?



--
Ita erat quando hic adveni.

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Follow-Ups:
- [ossec-list] Re: regex problem in OSSEC?
  - From: Daniel Cid

Prev by Date: [ossec-list] Question
Next by Date: [ossec-list] Re: regex problem in OSSEC?
Previous by thread: [ossec-list] Re: Question
Next by thread: [ossec-list] Re: regex problem in OSSEC?
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.