SEC issue on regex recog
Hi, I'm new to this forum and I need some explanation about the use of regular expressions to gather information, using SEC, from the logs coming from remote machines via syslog.
I built regular expressions using RegexBuddy and I wrote them inside the .sec files.
It seems that some of them work, others not.
This is because I generate different log files based on the log lines coming in, and the files related to those rules are empty.
So I check the regexp rule in RegexBuddy against the log line and it matches and returns the groups I need to gather, but when it runs in SEC nothing is caught.
The log line and the regexp string are written down; can anyone help to solve this issue, please?
Thank you! :confused:
Hello and welcome to the forums, velegi! :)
Sorry, but this is an "English only" forum, and all portions of posts must be in English only:
I've edited out the non-English portion of your post, but you can repost it if you'll translate it into English only.
The non-English text is the data and it is not meant to be understood, just used to try to understand why the regexp is not working when used in SEC while it is correctly recognized using RegexBuddy!!!!
So, I think I'm not breaking the rules! I'm a guy who is searching for an answer, and the languages I'm testing in the logs are ITALIAN and ENGLISH; the log I'm trying to parse now is in Italian, and this is the DATA I want to match!