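Translation of: http://ossec-docs.readthedocs.io/en/latest/syntax/regex.html
Regular Expression Syntax
Currently, OSSEC supports the following regular expression syntaxes:
OS_Regex or regex
OS_Match or sregex
A fast and simple regular expression library written in C.
This library is designed to be simple, yet it supports the most commonly used regular expressions. It was designed with intrusion detection systems in mind.
Supported expressions: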
\w -> A-Z, a-z, 0-9, '-', '@' characters
\d -> 0-9
\s -> For spaces " "
\t -> For tabs.
\p -> ()*+,-.:;<=>?[]!"'#$%&|{} (punctuation characters)
\W -> For anything not \w
\D -> For anything not \d
\S -> For anything not \s
\. -> For anything
Modifiers
+ -> To match one or more times (e.g. \w+ or \d+)
* -> To match zero or more times (e.g. \w* or \p*)
Special characters
^ -> To specify the beginning of the text.
$ -> To specify the end of the text.
| -> To create an "OR" between multiple patterns.
$ -> \$
( -> \(
) -> \)
\ -> \\
| -> \|
^ -> To specify the beginning of the text.
$ -> To specify the end of the text.
| -> To create an "OR" between multiple patterns.
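
Added example (not part of the OSSEC documentation or code): a Python sketch that translates the OS_Regex expressions, modifiers and escapes listed above into Python's re syntax, so a pattern can be tried against a constructed log line before it goes into a rule. It shows in particular that \w here includes '-' and '@' but not '_', and that \s is a space only. Assumptions: unlisted characters are literals, ( ) group as in Python, a + or * that does not follow a backslash expression is rejected, and the library's own matching engine is not reproduced; to_python_regex, PATTERN and LINE are hypothetical names.

```python
import re

PUNCT = "()*+,-.:;<=>?[]!\"'#$%&|{}"      # the \p set, copied from the table
CLASSES = {
    "w": "[A-Za-z0-9@-]", "W": "[^A-Za-z0-9@-]",
    "d": "[0-9]",         "D": "[^0-9]",
    "s": "[ ]",           "S": "[^ ]",     # \s is a space only
    "t": "\\t",
    "p": "[" + re.escape(PUNCT) + "]",
    ".": "[\\s\\S]",                       # \. stands for anything
}
ESCAPED_LITERALS = "$()\\|"                # \$ \( \) \\ \|
PASS_THROUGH = "^$|()"                     # assumed to keep their role in re


def to_python_regex(pattern):
    """Translate the OS_Regex subset listed on this page to Python re."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            if i + 1 >= len(pattern):
                raise ValueError("dangling backslash")
            nxt = pattern[i + 1]
            i += 2
            if nxt in CLASSES:
                out.append(CLASSES[nxt])
                # + and * are accepted only right after a backslash expression
                if i < len(pattern) and pattern[i] in "+*":
                    out.append(pattern[i])
                    i += 1
            elif nxt in ESCAPED_LITERALS:
                out.append(re.escape(nxt))
            else:
                raise ValueError("unsupported escape: \\" + nxt)
        elif ch in "+*":
            raise ValueError("modifier without a backslash expression")
        else:
            out.append(ch if ch in PASS_THROUGH else re.escape(ch))
            i += 1
    return "".join(out)


# Constructed sample input, not taken from a real system.
LINE = "Failed password for svc-backup from 192.0.2.10 port 52144 ssh2"
PATTERN = r"^Failed password for \w+ from (\S+) port \d+ ssh2$"

if __name__ == "__main__":
    print(re.search(to_python_regex(PATTERN), LINE).group(1))
```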