On Aug 9, 2013 4:46 PM, "David Blanton" <[email protected]> wrote:
>
> >What data are you trying to shove into variables? That's what your
> >regex will be concerned with.
>
> I just want to echo the 'Attempt number', the server name, and the fact that the socket/connection was not made.
>
> What would the difference between after_regex and after_prematch be? Is after_prematch displaying the log information after the prematch?

After prematch would start after the prematch, and after regex (is that a thing?) would start after the regex.

> For example, I have to match the information post ::\S+:\S+\S+ using the variables, or can I manipulate how the log is displayed with my own variables
> and using <order>?

Regex and order pull information to be used in rules.

> I have no idea what after_regex does. I think once I understand those two I can start to play around and figure things out on my own more.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
