{tbl.open,width:100%,align:center,heading:Create Import Filter}
Filter Name
Filter Description
Regular Expression
  
{buttonDisplay1("Create Filter")}
{tbl.close}
{tbl.open,width:100%,align:center,heading:Filter Help}
What are filters?
Filters use the powerful and widely used regular expression language to parse and extract specific strings of text from incoming syslog data.

What are regular expressions?
A regular expression is a special text language which uses specific rules and syntax to locate and match text.

Why regular expressions?
Regular expressions entered into the fields above allow the system to properly normalize incoming syslog data for use within the console.

--

Saving changes to your regular expressions will display the results of those expressions as tested against the Sample Data field provided. Use this to fine-tune your expressions to be as accurate as possible.

The following are a few sample regular expressions which may help get you started.

Expression "((?<=SRC=)[0-9.]+)" matches "SRC=192.168.0.177"

Expression "((?<=SRC=)[0-9.]+)|((?<=Source:)[0-9.]+)" matches "SRC=192.168.2.1" or "Source:12.34.56.131" (note the single "|" for alternation; a doubled "||" introduces an empty alternative that matches an empty string and defeats the second pattern)

Expression ".*" matches the entire line (useful for payload)

More complicated expressions may be required for IP and port combinations, which need multiple expressions run one after another. The "~~" separator may be used to create a chain of expressions in which the output of the previous expression becomes the input of the next. This is most commonly called "piping" the data.

Regular expression "((?<=SRC=)[0-9.\/]+)~~((?<=\/)[0-9]+)" matches "110" of "SRC=192.168.0.177/110": the first stage extracts "192.168.0.177/110" and the second stage extracts the port from that result.
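To make the lookbehind and "~~" chaining behaviour concrete, the following is an added example written for this page, not the console's own filter engine. It assumes a simplified model of the feature as described above: the expression is split on "~~", each stage is applied to the text returned by the previous stage (the first stage sees the whole line), and the first match of each stage is passed on. The syslog lines are constructed for the demonstration; the final case also shows why a doubled "||" is a mistake.

```python
import re

# Constructed sample syslog lines in the style of the page's examples
# (an iptables-like "SRC=" record, a "Source:" variant, and an sshd line).
SAMPLE_LINES = [
    "kernel: IN=eth0 OUT= SRC=192.168.0.177/110 DST=10.0.0.5 PROTO=TCP",
    "fw: Source:12.34.56.131 Dest:10.0.0.9 action=deny",
    "sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 51022",
]


def run_filter(expression: str, line: str):
    """Apply a chained filter expression to one syslog line.

    Assumed semantics (not confirmed by the page): the expression is split on
    the "~~" separator, each stage is a regular expression searched in the
    output of the previous stage, and the first match of a stage becomes the
    input of the next.  Returns the final matched text, or None when any
    stage fails to match (the line is not normalized by this filter).
    """
    current = line
    for stage in expression.split("~~"):
        match = re.search(stage, current)
        if match is None:
            return None
        current = match.group(0)
    return current


def normalize(expression: str, lines):
    """Run one filter over a batch of lines; None marks lines it did not match."""
    return [run_filter(expression, line) for line in lines]


# The page's examples, as constants so they can be reused and checked.
SRC_ONLY = r"((?<=SRC=)[0-9.]+)"
SRC_OR_SOURCE = r"((?<=SRC=)[0-9.]+)|((?<=Source:)[0-9.]+)"
PORT_VIA_PIPE = r"((?<=SRC=)[0-9.\/]+)~~((?<=\/)[0-9]+)"
# Same piping idea applied to the sshd line: isolate "addr port N", then the port.
SSH_PORT_VIA_PIPE = r"((?<=from )[0-9.]+ port [0-9]+)~~((?<=port )[0-9]+)"
# The doubled "||" form: the middle alternative is empty and always matches.
BROKEN_DOUBLE_BAR = r"((?<=SRC=)[0-9.]+)||((?<=Source:)[0-9.]+)"

if __name__ == "__main__":
    for expr in (SRC_ONLY, SRC_OR_SOURCE, PORT_VIA_PIPE, SSH_PORT_VIA_PIPE, BROKEN_DOUBLE_BAR):
        print(expr, "->", normalize(expr, SAMPLE_LINES))
```

Running the block prints, for each expression, the value extracted from every sample line. The SRC-only filter pulls "192.168.0.177" from the first line (the character class stops at the "/"), the alternation form additionally recovers "12.34.56.131" from the "Source:" line, and the two piped expressions yield "110" and "51022". The doubled-bar form returns an empty string for the "Source:" line rather than the address, which is exactly the symptom to look for in the Sample Data results when a filter "matches" but produces nothing. Python's `re` requires fixed-width lookbehind, which every pattern on this page satisfies.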

For help with regular expressions, you may visit the Aanval news group, use the Aanval mailing list or use your favorite search engine to locate examples and learning materials.

{tbl.close}