Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Kiwi Syslog Server > Kiwi Syslog Server Administrator Guide > Add rules, filters, and actions > Add a filter > Regular expressions supported by Kiwi Syslog Server

Regular expressions supported by Kiwi Syslog Server

Table of contents

When you are adding a filter based on IP address, host name, or message text, you can use the following regular expression characters and sequences to specify the filter values.

Character Description
^ Looks only at the beginning of a string.
$ Looks only at the end of a string.
. Matches any character.
?

Matches when the previous character is repeated zero or one time.

For example, 10? matches 1 and 10.

*

Matches when the previous character is repeated zero or more times.

For example, 10* matches 1, 10, 100, 1000, and so on.

+

Matches when the previous character is repeated one or more times.

For example, 10* matches 1, 10, 100, 1000, and so on.

\

Escapes the next character.

When the next character is a special character (part of the syntax), use this to indicate that the character should be interpreted literally. For example, \.\*\+\\ matches .*+\.

|

Separates alternatives.

For example, z|wood matches both z and wood. And (Hello | Hi) world matches Hello world and Hi world.

{n}

Matches the preceding character exactly n times, where n is a non-negative integer.

For example, o{2} does not match the o in Bob, but matches the first two o's in foooood.

{n,}

Matches the preceding character at least n times.

For example, o{2} does not match the o in Bob, but matches all the o's in foooood. o{1,} is equivalent to o+, and o {0,} is equivalent to o*.

{n,m}

Matches the preceding character at least n times but not more than m times.

For example, o{1,3} matches the first three o's in fooooood. o{0,1} is equivalent to o?.

[]

Matches any character enclosed within the brackets.

For example, [abc] matches the a in plain.

[^ ]

Matches any character not enclosed within the brackets.

For example, [abc] matches the k in back.

[a-z]

Matches any character in the specified range.

For example, [m-s] matches any lowercase alphabetic character in the range m through s.

[^a-z]

Matches any character not in the specified range.

For example, [^m-s] matches any character not in the range m through s.

\b

Matches a word boundary, that is, the position between a word and a space.

For example, er\b matches the er in never but not the er in verb.

\B

Matches a non-word boundary.

For example, ear\B matches the ear in never early.

\d Matches a digit character. Equivalent to [0-9].
\D Matches a non-digit character. Equivalent to [^0-9].
\f Matches a form-feed character.
  Matches a newline character.
\q Matches a quote character or ASCII value of 34.
  Matches a carriage return character.
\s Matches any white space including space, tab, form-feed, etc. Equivalent to [ \f\v].
\S Matches any nonwhite space character. Equivalent to [^ \f\v].
  Matches a tab character.
\v Matches a vertical tab character.
\w Matches any word character including underscore. Equivalent to [A-Za-z0-9_].
\W Matches any non-word character. Equivalent to [^A-Za-z0-9_].
(x)\n

Matches consecutive identical characters or strings, where x is the character or string and n is the number of times it is repeated (not including the first occurrence).

For example, (.)\1 matches any two consecutive identical characters.

\n

Matches n, where n is an octal escape value. Octal escape values must be 1, 2, or 3 digits long. For example, \11 and \011 both match a tab character. \0011 is the equivalent of \001 and 1. Octal escape values must not exceed 256. If they do, only the first two digits make up the expression. This allows ASCII codes to be used in regular expressions.

\xn Matches n, where n is a hexadecimal escape value. Hexadecimal escape values must be exactly two digits long. For example, \x41 matches A. \x041 is equivalent to \x04 and 1. This allows ASCII codes to be used in regular expressions.

Examples

Expression Matches
^stuff Any string starting with stuff
stuff$ Any string ending with stuff
o.d old, odd, ord, etc.
o[ld]d old or odd only
o[^l]d odd, ord, but not old
od? o or od
od* o, od, or odd
od+ od, odd, etc.
\. Decimal point (needs escape character)
[A-Z][a-z]* Any uppercase word
[0-9]+ Any stream of digits
[1-9]+[1-9]* Any stream of digits not starting with zero
[+\-]?[0-9]*[\.]?[0-9]* Any number with optional sign and decimal point (needs two escape characters)
dst=\qLOCAL MACHINE\q Any occurrence of dst="LOCAL MACHINE"
dst=\x22LOCAL MACHINE\x22 Any occurrence of dst="LOCAL MACHINE", because Hex(22) = ASCII 34, or "
(z|w)oo zoo or woo
Last modified
18:03, 17 Mar 2017

Tags

Classifications

Public