
csf.fignore regex issue

Posted: 17 Apr 2017, 14:16
by ibertrix
Hi,

I'm trying to ignore the following type of alert:

Time: Mon Apr 17 03:43:59 2017 +0200
File: /tmp/.xcloner-b80c1
Reason: Suspicious directory
Owner: myuser:myuser (563:575)
Action: No action taken

All alerts start with /tmp/.xcloner-

I have added this to csf.fignore but no go:

/tmp/\.^xcloner

Any help?

Re: csf.fignore regex issue

Posted: 17 Apr 2017, 20:17
by Sergio
Why did you add the caret "^" before the "x"?

The line that you wrote:
File: /tmp/.xcloner-b80c1
doesn't show any "^", maybe you should write:
/tmp/.xcloner
or:
\/tmp\/\.xcloner
if you need to escape the characters.

Re: csf.fignore regex issue

Posted: 17 Apr 2017, 20:42
by ibertrix
The file csf.fignore says you can use perl regular expression pattern. I searched around and I found this website:

https://www.cs.tut.fi/~jkorpela/perl/regexp.html

So I used the ^ character, as the string starts (but does not end) with xcloner.

I will try the suggestions.

Re: csf.fignore regex issue

Posted: 17 Apr 2017, 21:14
by Sergio
Ok, that character is only for the start of a line, but the start of the line was "/tmp".
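
Added example, not part of the thread and not lfd's own code: a Perl script that checks the patterns discussed above against the path from the alert, so an ignore entry can be tested before it goes into csf.fignore. It also runs two constructed paths through each pattern to show when an entry would hide more than intended. How lfd anchors an entry is not stated in the thread and is an assumption here, so each pattern is tried both as an unanchored search and as a match on the whole path; the last pattern is a constructed candidate.

```perl
#!/usr/bin/perl
# Added example: test candidate csf.fignore patterns against sample paths
# before putting them in the file. Not lfd's own matching code.
use strict;
use warnings;

# Path from the alert in the thread, plus two constructed paths that a
# well-scoped ignore entry should NOT match.
my @paths = (
    '/tmp/.xcloner-b80c1',
    '/tmp/xxcloner-b80c1',        # constructed: no leading dot
    '/var/tmp/.xcloner-b80c1',    # constructed: different directory
);

# Patterns from the thread, plus one constructed candidate (last entry).
my @patterns = (
    '/tmp/\.^xcloner',      # original attempt: ^ in the middle of the pattern
    '/tmp/.xcloner',        # unescaped dot matches any character
    '\/tmp\/\.xcloner',     # escaped form suggested in the thread
    '/tmp/\.xcloner-.*',    # constructed candidate covering the random suffix
);

# Assumption: lfd's anchoring is not stated in the thread, so report both
# an unanchored search and a match anchored to the whole path.
sub check {
    my ($pattern, $path) = @_;
    my $re = eval { qr/$pattern/ };
    return ('invalid', 'invalid') unless defined $re;
    my $search = $path =~ $re            ? 'yes' : 'no';
    my $full   = $path =~ /\A(?:$re)\z/  ? 'yes' : 'no';
    return ($search, $full);
}

printf "%-20s %-26s %-8s %s\n", 'pattern', 'path', 'search', 'full';
for my $pattern (@patterns) {
    for my $path (@paths) {
        printf "%-20s %-26s %-8s %s\n",
            $pattern, $path, check($pattern, $path);
    }
}
```

A pattern is only a safe ignore entry if it says "yes" for the alert path and "no" for the two constructed paths under the anchoring that lfd actually applies.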