How to use a negative look ahead regular expression with SystemEDGE.

Document ID : KB000010313
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:
  • A negative look ahead regular expression is useful when you need to exclude certain matching patterns from triggering a SystemEDGE trap.
  • An example of this would be if you needed to trap on the word "apple" but not "applesauce".  
Instructions:
  • The following is an example of a negative look ahead regex pattern:

^(?!.*applesauce.*).*apple.*

  • The above will match anything that includes "apple", but it will ignore matches for the word "applesauce".
  • A basic regex using .*apple.* would match both "apple" and "applesauce".

 

 

 

 

 

Additional Information:
  • In order to use a negative look ahead regex with SystemEDGE the PCRE flag needs to be enabled.
  • For agents that are in unmanaged mode this can be done as follows:
  1. Stop SystemEDGE
  2. Navigate to the SystemEDGE\Port#\sysedge.cf file.
  3. Add the uncommented line use_pcre
  4. Save sysedge.cf file.
  5. Start SystemEDGE
  • For agents that are managed by VAIM:
  1. Identify the base policy the agent is using.   This can be found at the top of the sysedge.cf file located in the SystemEDGE\Port# folder.
  2. On the VAIM Manager within the correct base policy select the control settings tab and select "Use Perl Compatible Regular Expressions" check box, then save and re-deploy the policy.