Question:

Is there a way to read in a file to match for substrings?

Example:

filter f_malware {
    in-list("/etc/syslog-ng/conf.d/malware.list", value("MSG"));
};

rewrite rw_malware {
    set("Malware", value("PROGRAM") condition(filter(f_malware)));
};
Then, given a string like:

Dec 15 17:57:02 230.16.190.121 %ASA-5-304001: 67.16.126.205 Accessed URL 114.4.201.244:http://wvqwdhimen.jaqwejggvwxyangoqepw.tk/storageframe.html

It would look at malware.list and see a line containing:

wvqwdhimen.jaqwejggvwxyangoqepw.tk

and set the Program name as "Malware"

I see in the docs it says 'Only exact matches are supported, partial and substring matches are not', so I don't think this will work.

Is there a way to do anything like this?

- Clayton
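Added illustration, not part of Clayton's message and not syslog-ng's own code: a small Python model of the in-list() behaviour the docs describe (the whole value must equal a list entry), run against the log line and list entry from the question. It shows why matching value("MSG") never hits, and that matching an extracted URL host against the same list does. The host-extraction regex and the list-file loader are assumptions for the demonstration.

```python
"""Added example: exact-match list lookup vs. lookup on an extracted host."""
import re
from urllib.parse import urlsplit

# Constructed stand-in for /etc/syslog-ng/conf.d/malware.list, one entry per line
MALWARE_LIST_TEXT = """wvqwdhimen.jaqwejggvwxyangoqepw.tk
"""

# The MSG part of the sample Cisco ASA line from the question
LOG_MSG = ("%ASA-5-304001: 67.16.126.205 Accessed URL "
           "114.4.201.244:http://wvqwdhimen.jaqwejggvwxyangoqepw.tk/storageframe.html")


def load_list(text):
    """Read one entry per line, ignoring blank lines (assumed list format)."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def in_list_exact(value, entries):
    """in-list() semantics as documented: the whole value must equal an entry."""
    return value in entries


def extract_url_host(msg):
    """Pull the URL out of an ASA 304001 'Accessed URL' message, return its host.

    Assumed format: '... Accessed URL <dst-ip>:<url>'. Returns None if absent.
    """
    m = re.search(r"Accessed URL \S*?(https?://\S+)", msg)
    if not m:
        return None
    return urlsplit(m.group(1)).hostname


def program_for(msg, entries):
    """Return 'Malware' when the extracted host is listed, mirroring rw_malware."""
    host = extract_url_host(msg)
    return "Malware" if host and in_list_exact(host, entries) else None


if __name__ == "__main__":
    entries = load_list(MALWARE_LIST_TEXT)
    print("whole MSG in list:", in_list_exact(LOG_MSG, entries))   # False
    print("extracted host:", extract_url_host(LOG_MSG))
    print("PROGRAM would become:", program_for(LOG_MSG, entries))  # Malware
```

The same idea applies in syslog-ng: parse the host into its own name-value pair first, then point in-list() at that macro instead of MSG.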