case sensitive match / regex rules
103 views
Skip to first unread message
Barnaby Cockcroft
Sep 25, 2008, 10:26:16 PM9/25/08
to ossec...@ossec.net
Maybe I’m misunderstanding something.
<match>ERROR</match> matches ERROR and error
<regex>^\.*ERROR\.*$</regex> matches “blah ERROR blah” and “blah error blah”
I’d really like to be able to match capitalized ERROR and not match lower case error – that was one (perhaps not very clever) trick the developers of this application chose to distinguish between a big and a small error.
Does ossec have case-insensitivity built into everything it does? Is there any way to get around this?
Thanks,
Barnaby
Peter M. Abraham
Oct 3, 2008, 10:39:54 AM10/3/08
to ossec-list
Greetings Barnaby:
By using google.com with site:ossec.net "case insensitive" it appears
<match> is indeed case insensitive; I don't know a way around this
issue.
Thank you.
By using google.com with site:ossec.net "case insensitive" it appears
<match> is indeed case insensitive; I don't know a way around this
issue.
Thank you.
Reply all
Reply to author
Forward
0 new messages