Known Good Regex Filter Library

Follow

J Casalino

• March 05, 2014 00:15

I'd like to start a known good regex filter thread.  I'm not a regex expert and I'm guessing there are many other admins out there who aren't either.  I'd like to be able to search this repository for common items so I don't have to open a support ticket every time I need to perform a specific task. 

Here are two RegEx filters I'm using today which work.  Please add comments with new filters as you write them, and if you improve or extend on one, please post it back to the community so we can all benefit.

 

1) Exclude Informational events from Windows Event Logs:

(?s).*Type\s+=\s+\"Information.*(?s).*

2) Exclude health checks from gathered IIS logs

(.*HTTP-Monitor.*) | (.*pingdom.*) | (.*akamai-test-object.*)

 

4

• 

  Kevin Keech

  • May 21, 2014 13:08

  Here is an article on masking credit card numbers from log messages. This is a masking filter useful for compliance.

   

  0

  Comment actions Permalink
• 

  Austin Ayers

  • October 28, 2015 19:04

  Exclude Event IDs in windows event logs
  (?s).EventCode.*5447(?s).
  I would love one that excludes specic events on specific hosts! like Exclude this event from this server only!

  0

  Comment actions Permalink

Please sign in to leave a comment.