Yes and it did not match. What I do not understand as the ossec-regex tool show "matched" if I am not wrong :
# /var/ossec/bin/ossec-regex '.jpg?\d+' XXX.XXX.XXX.XXX - - [04/May/2018:14:14:18 +0200] "GET /files/pictures/brands/logo/40/40-mini.cc3b.jpg?78 HTTP/1.1" 401 381 +OSRegex_Execute: XXX.XXX.XXX.XXX - - [04/May/2018:14:14:18 +0200] "GET /files/pictures/brands/logo/40/40-mini.cc3b.jpg?78 HTTP/1.1" 401 381 +OS_Regex : XXX.XXX.XXX.XXX - - [04/May/2018:14:14:18 +0200] "GET /files/pictures/brands/logo/40/40-mini.cc3b.jpg?78 HTTP/1.1" 401 381 Thx! -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.