Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 360

System Components
Regular Expression Syntax
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
A-34
Regular expressions are text patterns that are used for string matching. Regular
expressions are strings that contains a mix of plain text and special characters to
indicate what kind of matching to do. For example, if you are looking for a
numeric digit, the regular expression to search for is "[0-9]". The brackets
indicate that the character being compared should match any one of the characters
enclosed within the bracket. The dash (-) between 0 and 9 indicates that it is a
range from 0 to 9. Therefore, this regular expression matches any character
between 0 and 9, that is, any digit. To search for a specific special character, you
must use a backslash before the special character. For example, the single
character regular expression "\*" matches a single asterisk.
The regular expressions defined in this section are similar to a subset of the
POSIX Extended Regular Expression definitions. In particular, "[..]", "[==]", and
"[::]" expressions are not supported. Also, escaped expressions representing
single characters are supported.
^ Beginning of the string—The expression "^A" matches an "A" only at the
•
beginning of the string.
^ Immediately following the left-bracket ([)—Excludes the remaining
•
characters within brackets from matching the target string. The expression
"[^0-9]" indicates that the target character should not be a digit.
$—The dollar sign ($) matches the end of the string. The expression "abc$"
•
matches the sub-string "abc" only if it is at the end of the string.
|—The alternation character (|) allows the expression on either side to match
•
the target string. The expression "a|b" matches "a" as well as "b".
• .—The dot (.) matches any character.
• *—The asterisk (*) indicates that the character to the left of the asterisk in the
expression should match 0 or more times.
The following example matches any number of occurrences of the letter a,
including none:
a*
• +—The plus (+) is similar to asterisk but there should be at least one match
of the character to the left of the + sign in the expression.
Appendix A Intrusion Detection System Architecture
78-15597-02