Hello, I've got a following regex rule:
<regex>NTC|WRN|ERR|ALE|???</regex> When ossec gets the next log row I think does not need to match it: Aug 12 11:33:13 ns3 esa[8574]: Support action ferrastrate has been activated. But <regex> is case insensitive and I got false positive alerts (f*err*astrate). How can I force case sensitive regex match? Thank you, -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
