WikiPage Keyword Filtering modified by John Landers

John Landers — Wed, 16 Nov 2011 18:17:01 -0000

WikiPage Filtering modified by John Landers

John Landers — Wed, 16 Nov 2011 18:16:26 -0000

Filtering The dashboard allows you to filter/search based on keywords or regular expressions. This wiki entry helps to clarify how this process works. 1. General Knowledge The code that determines a match is contained in the Alerts class (resources/Classes/Alerts.class.php). The method is this: ~~~~~ _alertGroup . $this->_alertSystemSource . $this->_alertLogSource . $this->_alertRuleID . $this->_alertRuleMsg . $this->_origMsg); } else { return stristr($this->_alertGroup . $this->_alertSystemSource . $this->_alertLogSource . $this->_alertRuleID . $this->_alertRuleMsg . $this->_origMsg, $pattern); } } ?> ~~~~~ The method returns true if the found alert is a match to what we want, and returns false otherwise. As I'm sure you can also see here, this is a pretty simplistic way to do things. I do intend to expand on this in the future. 2. Keyword Matching You can type whatever you want in the filter box and a case insensitive string match is applied to all parts of the found alert. If it's a match, you'll see it in your results. 3. Regular Expressions Regular expressions are deemed as any keyword entry that begins with a /. The whole entry is evaluated as a pattern given to the PHP preg_match() function. For example: /clamav.*update/i It's important to note that you need to match the preg_match() requirements. Ref: www.php.net/preg_match

Recent changes to Keyword Filtering

WikiPage Keyword Filtering modified by John Landers

WikiPage Filtering modified by John Landers