Element: rule

Location

/patterndb/ruleset/rules/rule

Description

An element containing message patterns and how a message that matches these patterns is classified.

Note

If the following characters appear in the message, they must be escaped in the rule as follows:

@: Use @@, for example, user@@example.com
<: Use \<
>: Use \>
&: Use \&

The element may contain any number of elements.

Attributes

provider: The provider of the rule. This is used to distinguish between who supplied the rule, that is, if it has been created by Axoflow, or added to the XML by a local user.
id: The globally unique ID of the rule.
class: The class of the rule — this class is assigned to the messages matching a pattern of this rule.

Children

patterns

Example

   <rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation'>

The following example specifies attributes for correlating messages as well. For details on correlating messages, see Correlating log messages using pattern databases.

   <rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation' context-id='same-session' context-scope='process' context-timeout='360'>

Last modified July 2, 2023: Change highlight mode of code examples (2f8a959)