-
- char *xml_group = "group";
- char *xml_rule = "rule";
-
- char *xml_regex = "regex";
- char *xml_match = "match";
- char *xml_decoded = "decoded_as";
- char *xml_category = "category";
- char *xml_cve = "cve";
- char *xml_info = "info";
- char *xml_day_time = "time";
- char *xml_week_day = "weekday";
- char *xml_comment = "description";
- char *xml_ignore = "ignore";
- char *xml_check_if_ignored = "check_if_ignored";
-
- char *xml_srcip = "srcip";
- char *xml_srcport = "srcport";
- char *xml_dstip = "dstip";
- char *xml_dstport = "dstport";
- char *xml_user = "user";
- char *xml_url = "url";
- char *xml_id = "id";
- char *xml_data = "extra_data";
- char *xml_hostname = "hostname";
- char *xml_program_name = "program_name";
- char *xml_status = "status";
- char *xml_action = "action";
- char *xml_compiled = "compiled_rule";
-
- char *xml_list = "list";
- char *xml_list_lookup = "lookup";
- char *xml_list_field = "field";
- char *xml_list_cvalue = "check_value";
- char *xml_match_key = "match_key";
- char *xml_not_match_key = "not_match_key";
- char *xml_match_key_value = "match_key_value";
- char *xml_address_key = "address_match_key";
- char *xml_not_address_key = "not_address_match_key";
- char *xml_address_key_value = "address_match_key_value";
-
- char *xml_if_sid = "if_sid";
- char *xml_if_group = "if_group";
- char *xml_if_level = "if_level";
- char *xml_fts = "if_fts";
-
- char *xml_if_matched_regex = "if_matched_regex";
- char *xml_if_matched_group = "if_matched_group";
- char *xml_if_matched_sid = "if_matched_sid";
-
- char *xml_same_source_ip = "same_source_ip";
- char *xml_same_src_port = "same_src_port";
- char *xml_same_dst_port = "same_dst_port";
- char *xml_same_user = "same_user";
- char *xml_same_location = "same_location";
- char *xml_same_id = "same_id";
- char *xml_dodiff = "check_diff";
-
- char *xml_different_url = "different_url";
-
- char *xml_notsame_source_ip = "not_same_source_ip";
- char *xml_notsame_user = "not_same_user";
- char *xml_notsame_agent = "not_same_agent";
- char *xml_notsame_id = "not_same_id";
-
- char *xml_options = "options";
-
+
+ const char *xml_group = "group";
+ const char *xml_rule = "rule";
+
+ const char *xml_regex = "regex";
+ const char *xml_pcre2 = "pcre2";
+ const char *xml_match = "match";
+ const char *xml_match_pcre2 = "match_pcre2";
+ const char *xml_decoded = "decoded_as";
+ const char *xml_category = "category";
+ const char *xml_cve = "cve";
+ const char *xml_info = "info";
+ const char *xml_day_time = "time";
+ const char *xml_week_day = "weekday";
+ const char *xml_comment = "description";
+ const char *xml_ignore = "ignore";
+ const char *xml_check_if_ignored = "check_if_ignored";
+
+ const char *xml_srcip = "srcip";
+ const char *xml_srcgeoip = "srcgeoip";
+ const char *xml_srcport = "srcport";
+ const char *xml_srcgeoip_pcre2 = "srcgeoip_pcre2";
+ const char *xml_srcport_pcre2 = "srcport_pcre2";
+ const char *xml_dstip = "dstip";
+ const char *xml_dstgeoip = "dstgeoip";
+ const char *xml_dstport = "dstport";
+ const char *xml_user = "user";
+ const char *xml_url = "url";
+ const char *xml_id = "id";
+ const char *xml_data = "extra_data";
+ const char *xml_hostname = "hostname";
+ const char *xml_program_name = "program_name";
+ const char *xml_status = "status";
+ const char *xml_dstgeoip_pcre2 = "dstgeoip_pcre2";
+ const char *xml_dstport_pcre2 = "dstport_pcre2";
+ const char *xml_user_pcre2 = "user_pcre2";
+ const char *xml_url_pcre2 = "url_pcre2";
+ const char *xml_id_pcre2 = "id_pcre2";
+ const char *xml_data_pcre2 = "extra_data_pcre2";
+ const char *xml_hostname_pcre2 = "hostname_pcre2";
+ const char *xml_program_name_pcre2 = "program_name_pcre2";
+ const char *xml_status_pcre2 = "status_pcre2";
+ const char *xml_action = "action";
+ const char *xml_compiled = "compiled_rule";
+ const char *xml_field = "field";
+ const char *xml_name = "name";
+
+
+ const char *xml_list = "list";
+ const char *xml_list_lookup = "lookup";
+ const char *xml_list_field = "field";
+ const char *xml_list_cvalue = "check_value";
+ const char *xml_match_key = "match_key";
+ const char *xml_not_match_key = "not_match_key";
+ const char *xml_match_key_value = "match_key_value";
+ const char *xml_address_key = "address_match_key";
+ const char *xml_not_address_key = "not_address_match_key";
+ const char *xml_address_key_value = "address_match_key_value";
+
+ const char *xml_if_sid = "if_sid";
+ const char *xml_if_group = "if_group";
+ const char *xml_if_level = "if_level";
+ const char *xml_fts = "if_fts";
+
+ const char *xml_if_matched_regex = "if_matched_regex";
+ const char *xml_if_matched_group = "if_matched_group";
+ const char *xml_if_matched_sid = "if_matched_sid";
+
+ const char *xml_same_source_ip = "same_source_ip";
+ const char *xml_same_src_port = "same_src_port";
+ const char *xml_same_dst_port = "same_dst_port";
+ const char *xml_same_user = "same_user";
+ const char *xml_same_location = "same_location";
+ const char *xml_same_id = "same_id";
+ const char *xml_dodiff = "check_diff";
+
+ const char *xml_different_url = "different_url";
+ const char *xml_different_srcip = "different_srcip";
+ const char *xml_different_srcgeoip = "different_srcgeoip";
+
+ const char *xml_notsame_source_ip = "not_same_source_ip";
+ const char *xml_notsame_user = "not_same_user";
+ const char *xml_notsame_agent = "not_same_agent";
+ const char *xml_notsame_id = "not_same_id";
+
+ const char *xml_options = "options";
+