Element: patterns

Location

/patterndb/ruleset/rules/rule/patterns

Description

An element containing the patterns of the rule. If a element contains multiple *lements, the class of the *»>ssigned to every syslog message matching any of the patterns.

Attributes

N/A

Children

pattern: A pattern describing a log message. This element is also called message pattern. For example:
```
    <pattern>+ ??? root-</pattern>
```
Note
Support for XML entities is limited, you can use only the following entities: \& \< \> \" \'. User-defined entities are not supported.
description: OPTIONAL — A description of the pattern or the log message matching the pattern.
urls
values
examples

Example

   <patterns>
        <pattern>Accepted @QSTRING:SSH.AUTH_METHOD: @ for@QSTRING:SSH_USERNAME: @from\ @QSTRING:SSH_CLIENT_ADDRESS: @port @NUMBER:SSH_PORT_NUMBER:@ ssh2</pattern>
    </patterns>

Last modified July 2, 2023: Change highlight mode of code examples (2f8a959)

Element: patterns

Location

Description

Attributes

Children

Note

Example