
User Activity

  • Modified a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    A plain old "*$" exclusion should work for you, based on the comments from the dev team. I've implemented a (horribly simplified/cut down) proof of concept here: https://onlinegdb.com/HyIsG7qxM .. just to make sure the code is doing what I think it's doing. The line in particular: if(wildmatch("*$","Testing$",1)) { ... is doing the check - it returns a "Yep match found" when I ask it to compare "*$" and "Testing$". The order of objective matches is important in the agent - can you make sure that...

  • Modified a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    A plain old "*$" (without the space - blame SourceForge formatting) exclusion should work for you, based on the comments from the dev team. I've implemented a (horribly simplified/cut down) proof of concept here: https://onlinegdb.com/HyIsG7qxM .. just to make sure the code is doing what I think it's doing. The line in particular: if(wildmatch("*$","Testing$",1)) { ... is doing the check - it returns a "Yep match found" when I ask it to compare "*$" and "Testing$". The order of objective matches...

  • Posted a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    A plain old "$" exclusion should work for you, based on the comments from the dev team. I've implemented a (horribly simplified/cut down) proof of concept here: https://onlinegdb.com/HyIsG7qxM .. just to make sure the code is doing what I think it's doing. The line in particular: if(wildmatch("*$","Testing$",1)) { ... is doing the check - it returns a "Yep match found" when I ask it to compare "*$" and "Testing$". The order of objective matches is important in the agent - can you make sure that the...

  • Posted a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    Ahh, yes - you're correct. Apologies; I wrote the piece of code many years ago that does the user match exclusion (and probably that text in the guide), and I still forgot that it was a wildcard match! I'll check with the current devs to see whether they have suggestions.

  • Modified a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    Heya, Try the following: (^.\$$|^abc.def$|^ghi.*) [EDIT: That regex isn't displaying correctly in SourceForge even though it's OK when I edit the reply... please see link for correct regex] https://regex101.com/r/Ioclr5/1

  • Posted a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    Heya, Try the following: (^.\$$|^abc.def$|^ghi.*) https://regex101.com/r/Ioclr5/1

  • Posted a comment on ticket #37 on Snare Lite (SIEM & Logging Software)

    G'day David, Correct on both counts. No, outside of the source code itself, there...

  • Posted a comment on ticket #37 on Snare Lite (SIEM & Logging Software)

    G'day David, If the 'take control of your eventlog configuration' option is turned...


Personal Data

Username:
redphoenix
Joined:
2001-11-07 07:57:48
