- A negative look ahead regular expression is useful when you need to exclude certain matching patterns from triggering a SystemEDGE trap.
- An example of this would be if you needed to trap on the word "apple" but not "applesauce".
- The following is an example of a negative look ahead regex pattern:
- The above will match anything that includes "apple", but it will ignore matches for the word "applesauce".
- A basic regex using .*apple.* would match both "apple" and "applesauce".
- In order to use a negative look ahead regex with SystemEDGE the PCRE flag needs to be enabled.
- For agents that are in unmanaged mode this can be done as follows:
- Stop SystemEDGE
- Navigate to the SystemEDGE\Port#\sysedge.cf file.
- Add the uncommented line use_pcre
- Save sysedge.cf file.
- Start SystemEDGE
- For agents that are managed by VAIM:
- Identify the base policy the agent is using. This can be found at the top of the sysedge.cf file located in the SystemEDGE\Port# folder.
- On the VAIM Manager within the correct base policy select the control settings tab and select "Use Perl Compatible Regular Expressions" check box, then save and re-deploy the policy.