[Aide] Help about a difficult matching rule

[Paul Dodd]

OK, on the basis that aide does not support extended regular expressions
i.e. '\d'
how about:

 !/lib/klibc/events/debug\.[0-9]{5}\.[A-Za-z]+\.add\.[0-9]{1,5}$

The expression does match '/lib/klibc/events/debug.00788.module.add.1250', I
tried it with PHP.

Paul
----- Original Message ----- 
From: "Costas Zreikas" <computer_dept at feximports.gr>
To: "'Paul Dodd'" <paul.dodd at usb.unibe.ch>; <aide at cs.tut.fi>
Sent: Friday, May 26, 2006 1:30 PM
Subject: RE: [Aide] Help about a difficult matching rule


> Paul,
>
> When I tried to escape the dots (.) like you suggested;
>
> !/lib/klibc/events/debug\.\d{5}\.\w+\.add\.\d{1,5}
>
> I got the following message;
>
> ***glibc detected *** malloc(): memory corruption: 0x08161060 ***
> Aborted
>
> But while the dot (.) represents a single char it wouldn't make much
> difference since it's actually dots in the placeholders. Wright?
> As for trying !/lib/klibc/events/debug.\d{5}.\w+.add.\d{1,5} or
> !/lib/klibc/events/debug.\d{5}.[a-zA-Z].add.\d{1,5} nor
> !/lib/klibc/events/debug.\d{5}.[a-zA-Z]+.add.\d{1,5} none of them worked.
> The files I don't want are still in the database.
>
> Thank you anyway.
>
> Costas
>
> -----Original Message-----
> From: Paul Dodd [mailto:paul.dodd at usb.unibe.ch]
> Sent: Friday, May 26, 2006 1:14 PM
> To: computer_dept at feximports.gr; Aide user mailinglist
> Subject: Re: [Aide] Help about a difficult matching rule
>
> To exclude files like
> /lib/klibc/events/debug.00788.module.add.1250
> try
> !/lib/klibc/events/debug\.\d{5}\.\w+\.add\.\d{1,5}
>
> because:
> '\.' matches only '.' ('.' matches any single character) '\w+' matches a
> string at least one alphanumeric characters i.e. 'module'
>
> I've also changed the last '\w' to a '\d' on the assumption ? that the
> suffixes are only numeric, change it back if I'm wrong.
>
> Paul
>
>
> ----- Original Message -----
> From: "Costas Zreikas" <computer_dept at feximports.gr>
> To: <aide at cs.tut.fi>
> Sent: Thursday, May 25, 2006 9:12 AM
> Subject: [Aide] Help about a difficult matching rule
>
>
> > Hello List,
> >
> > Please can anyone help me on how to form a rule so to exclude files
like;
> >
> > /lib/klibc/events/debug.00788.module.add.1250
> >
> >
> > In my aide.conf I have the lines;
> >
> > =/lib/klibc/events/$ R-m-c
> > !/lib/klibc/events/debug.\d{5}.\w.add.\w{1,5}
> > /lib R
> >
> > I'm using SUSE 10.0 and I've found the regular expressions syntax from
> "man
> > perlrequick"
> >
> > Thanx
> >
> > _______________________________________________
> > Aide mailing list
> > Aide at cs.tut.fi
> > https://mailman.cs.tut.fi/mailman/listinfo/aide
>
>
>