[ossec-hids.git] / src / os_regex / examples / tests / true.regex
1 "\s+123" "  123"
2 "\s*123" "123"
3 "\s123" " 123"
4 "\w+\s+\w+" "a 1"
5 "\w+\d+\w+\s+" "ab12fb12fd12 "
6 "^\s*\w\s*\w+" "a   l a  a"
7 "\w+\s+\w+\d+\s\$" "a aa11 "
8 "^su\S*: BAD su" "su: BAD SU dcid to root on /dev/ttyp0"
9 "^su\s*: BAD su" "su: BAD SU dcid to root on /dev/ttyp0"
10 "^abc\sabc" "abc abcd"
11 "^abc\s\s*abc" "abc abcd"
12 "^\s+\sl" "     lala"
13 "^\s*\sl" "     lala"
14 "^\s\s+l" "     lala"
15 "^\s+\s l" "     lala"
16 "^\s*\s lal\w\$" "  lala"
17 "test123test\d+\$" "test123test123"
18 "^kernel: \S+ \.+ SRC=\S+ DST=\S+ \.+ PROTO=\w+ SPT=\d+ DPT=\d+ " "kernel: IPTABLE IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:03:93:db:2e:b4:08:00 SRC=10.4.11.40 DST=255.255.255.255 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=4753 PROTO=UDP SPT=49320 DPT=2222 LEN=160"
19 "test (\w+)la" "test abclala"
20 "(\w+) (\w+)" "wofl wofl"
21 "^\S+ [(\d+:\d+:\d+)] \.+ (\d+.\d+.\d+.\d+)\p*\d* -> (\d+.\d+.\d+.\d+)\p*" "snort: [1:469:3] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 10.4.12.26 -> 10.4.10.231"
22 "^\S+ [(\d+:\d+:\d+)] \.+ (\d+.\d+.\d+.\d+)\p*\d* -> (\d+.\d+.\d+.\d+)\p*" "snort: [1:408:5] ICMP Echo Reply [Classification: Misc Activity] [Priority: 3]: {ICMP} 10.4.10.231 -> 10.4.12.26"
23 "^\S+ [(\d+:\d+:\d+)] \.+ (\d+.\d+.\d+.\d+)\p*\d* -> (\d+.\d+.\d+.\d+)\p*" "snort: [1:1420:11] SNMP trap tcp [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.4.12.26:37020 -> 10.4.10.231:162"
24 "^\S+ [(\d+:\d+:\d+)] \.+ (\d+.\d+.\d+.\d+)\p*\d* -> (\d+.\d+.\d+.\d+)\p*" "snort: [1:1420:11] SNMP trap tcp [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.4.12.26:37021 -> 10.4.10.231:162"
25 "^\S+ [(\d+:\d+:\d+)] \.+ (\d+.\d+.\d+.\d+)\p*\d* -> (\d+.\d+.\d+.\d+)\p*" "snort: [1:590:12] RPC portmap ypserv request UDP [Classification: Decode of an RPC Query] [Priority: 2]: {UDP} 10.4.11.94:669 -> 10.4.3.20:111"
26 "^\S+ [(\d+:\d+:\d+)] \.+ (\d+.\d+.\d+.\d+)\p*\d* -> (\d+.\d+.\d+.\d+)\p*" "snort: [1:590:12] RPC portmap ypserv request UDP [Classification: Decode of an RPC Query] [Priority: 2]: {UDP} 10.4.11.94:670 -> 10.4.3.20:111"
27 "^\S+ [(\d+:\d+:\d+)] \.+ (\d+.\d+.\d+.\d+)\p*\d* -> (\d+.\d+.\d+.\d+)\p*" "snort: [1:1421:11] SNMP AgentX/tcp request [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.4.12.26:37020 -> 10.4.10.231:705"