翻译:http://ossec-docs.readthedocs.io/en/latest/syntax/regex.html
正则语法
目前,OSSEC支持正则表达式语法:
OS_Regex或正则表达式
OS_Match或sregex
在c语言中,快速而简单的正则表达式库。
这个库的设计很简单,但是支持最常用的正则表达式。它在设计时考虑了入侵检测系统,
支持表达式:
\w -> A-Z, a-z, 0-9, '-', '@' 字符
\d -> 0-9
\s -> For spaces " "
\t -> For tabs.
\p -> ()*+,-.:;<=>?[]!"'#$%&|{} (标点符号)
\W -> For anything not \w
\D -> For anything not \d
\S -> For anything not \s
\. -> For anything 修饰符
+ -> To match one or more times (eg \w+ or \d+)
* -> To match zero or more times (eg \w* or \p*) 特殊字符
^ -> To specify the beginning of the text.
$ -> To specify the end of the text.
| -> To create an "OR" between multiple patterns. $ -> \$
( -> \(
) -> \)
\ -> \\
| -> \| ^ -> To specify the beginning of the text.
$ -> To specify the end of the text.
| -> To create an "OR" between multiple patterns. ![OSSEC Agent和Server无法连接的常用检查流程[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)