Menu
▾
▴
[Assp-test] Antwort: Re: Antwort: Re: fixes and news in 2.0.2_3.0.01
|
From: Thomas E. <Tho...@th...> - 2011-02-26 09:56:52
|
>Might you be able to modify the 4th parameter such that unless it starts >with a minus sign surrounded by parentethes (-) It will ADD to the >predefined filter in the GUI? The (-) is hard to implement - but I think this will do the job like you want. At least the regex overwrites the default (GUI) BlockReportFilter - but if needed, it could be (re)included. If an admin emails a block report request and specifies a filter in the subject of the email and a fourth parameter in the body, both regular expressions will be merged in to a single regex for each line.<br /> If you or a user want the default BlockReportFilter to become part of the overwrite regex, the literal \'$BRF\' should be inluded in the regex like:<br /> *@domain=>*=>14=>virus|$BRF|newsletter - or even in the subject of the email<br /> In this case the literal \'$BRF\' will be replaced by the BlockReportFilter.<br /> Thomas Von: K Post <nnt...@gm...> An: ASSP development mailing list <ass...@li...> Datum: 25.02.2011 15:47 Betreff: Re: [Assp-test] Antwort: Re: fixes and news in 2.0.2_3.0.01 Ah, for block reports, I didn't know that admins could specify a filter in the subject of the request! Good feature. I would change: If both, the fourth parameter and the extension in the subject, are defined, both regular expressions will be merged in to a single regex for each line to: If an admin emails a block report request and specifies a filter in the subject of the email and a fourth parameter in the body, both regular expressions will be merged in to a single regex for each line With this new 4th parameter, I can now change the line in the scheduled report that sends a report to me for everything that was blocked to filter out the users that I don't want to know about (like that user who puts her email address all over the place online), without making this global for regular users! Awesome. One issue with the new 4th parameter is that if a user uses it, they'll replace the built in filter. For example, by default, we don't send the hundreds of spambombs that are blocked daily. But with the way you have the 4th parameter implemented now, it replaces this filter. So if I user sends in a 4th parameter as "blabla" they won't get lines that have blabla in them, but now they will get all of the bombs, which are abundant. Worse, if scheduled reports, where I would be sending daily reports to specific users, I'd need to have the same filter over and over for users who want specific things not reported. Might you be able to modify the 4th parameter such that unless it starts with a minus sign surrounded by parentethes (-) It will ADD to the predefined filter in the GUI? This would let users email in requests and remove what they don't want, without adding stuff that we've filtered out (like spambombs). This would makes the scheduled file easier to mainatin, you have a single place to specify the global filter in the gui and then just modify specific lines to add to that. I know that a smart user would be able to write a complex bayesian filter to be sent in via email, but, being as polite as possible, most of my users aren't smart.... With my proposal, a 4th parameter of: blabla would really do a regex of blabla|whatevertheguifilteris Then if a user really wants only what they specify filtered, ignoring the build in filter, they could do the 4th parameter like: (-)blabla Also, in the groups section, I'd change: Groups are defined and used using the same syntax [group-name] in a single line. to: Groups are defined and used using the same syntax [group-name] (including the brackets) in a single line Thanks again for all of this. Makes a big day to day difference for me. ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Assp-test mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* |