Element: patterns
Location
/patterndb/ruleset/rules/rule/patterns
Description
An element containing the patterns of the rule. If a
Attributes
N/A
Children
-
pattern: A pattern describing a log message. This element is also called
message pattern
. For example:<pattern>+ ??? root-</pattern>
Note Support for XML entities is limited, you can use only the following entities:\& \< \> \" \'
. User-defined entities are not supported. -
description: OPTIONAL — A description of the pattern or the log message matching the pattern.
-
urls
-
values
-
examples
Example
<patterns>
<pattern>Accepted @QSTRING:SSH.AUTH_METHOD: @ for@QSTRING:SSH_USERNAME: @from\ @QSTRING:SSH_CLIENT_ADDRESS: @port @NUMBER:SSH_PORT_NUMBER:@ ssh2</pattern>
</patterns>
Last modified July 2, 2023: Change highlight mode of code examples (2f8a959)