Known Good Regex Filter Library

Follow
Avatar
J Casalino

I'd like to start a known good regex filter thread.  I'm not a regex expert and I'm guessing there are many other admins out there who aren't either.  I'd like to be able to search this repository for common items so I don't have to open a support ticket every time I need to perform a specific task. 

Here are two RegEx filters I'm using today which work.  Please add comments with new filters as you write them, and if you improve or extend on one, please post it back to the community so we can all benefit.

 

1) Exclude Informational events from Windows Event Logs:

(?s).*Type\s+=\s+\"Information.*(?s).*

2) Exclude health checks from gathered IIS logs

(.*HTTP-Monitor.*) | (.*pingdom.*) | (.*akamai-test-object.*)

 

4

Comments

2 comments

Sort by Date Votes
  • Avatar
    Kevin Keech

    Here is an article on masking credit card numbers from log messages. This is a masking filter useful for compliance.

     

    0
    Permalink
  • Avatar
    Austin Ayers

    Exclude Event IDs in windows event logs
    (?s).EventCode.*5447(?s).
    I would love one that excludes specic events on specific hosts! like Exclude this event from this server only!

    0
    Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post