correct, I think that it is.
On Wed, Jan 27, 2016 at 11:06 PM, Fredrik wrote:
> Hi Santiago!
>
>
> Thanks for your input. As you pointed out the \D+ is out of place and I
> couldn't figure out why that would match whereas the latter regex, that I
> believed to be more
Agree with Dan, also double check the regexes, as it looks like there are
some inconsistencies at the end. I don't think that \D+ is in the right
place.
Best
On Wed, Jan 27, 2016 at 7:08 AM, dan (ddp) wrote:
>
> On Jan 27, 2016 10:06 AM, "Fredrik"
Thanks Dan! I obviously didn't realize that this was the case :( This means
that I should create a regex that takes the missing entry part into account
and hence matches: Jan 27 9:32:28 st4600fw01n1 not the full string I
was aiming for? This would then explain the, from my point of view,
Hi Santiago!
Thanks for your input. As you pointed out the \D+ is out of place and I
couldn't figure out why that would match whereas the latter regex, that I
believed to be more complete, wouldn't. With input from Dan and yourself, I
realize that OSSEC is offering a helping hand in stripping
Hi All,
Been working on a regex to match the highlighted part of the (event) string
below:
*Jan 27 09:41:01 127.0.0.1 Jan 27 9:32:28 st4600fw01n1 *allow http://www.aliveproxy.com/; proxy_src_ip: 192.168.1.15 product: Application
Control; service: http; s_port: 58579; product_family: Network;
...