Ossim multiple extra_data

Asked Apr 14 '15 at 08:09

Active Apr 14 '15 at 08:19

Viewed 36 times

Piece of my log:

Info1: attack multiple Activity_ID: 0 activity_Name: name_activity

My decoder (not complete)

<decoder name="my-log">
  <parent>parent</parent>
  <regex offset="after_parent">^ Info1: (\S+) (\S+) Activity_ID: (\S+) activity_Name: (\S+)</regex>
  <order> extra_data, extra_data , id, extra_data</order>
</decoder>

In rules, I want search in different extra_data, for example.
if extra_data1 ^attack
if extra_data2 ^multiple
if extra_data3 ^name

Is it possible apply expression regular in multiple extra_data? Thanks

edited Apr 14 '15 at 08:19

NorthCat

9,643
16
47
50

asked Apr 14 '15 at 08:09

davidad

Ossim multiple extra_data

0 Answers0