3 Replies Latest reply on Aug 27, 2014 3:24 AM by alexander_h

    Multi-line RegEx for custom parser


      Just throwing this one out there....


      Prior to 9.3.2 we created a custom parser for ESET Anti-Virus ( I referenced a few default parsers that used this method) so I went with a two line RegEx parser.


      After upgrading to 9.3.2,  I could edit the existing rule but if I tried duplicating from scratch I keep getting a pop-up error like this below when clicking finish.  The RegEx does seem to work with data in the Sample Log window.  ??


      pcre[2] not referenced

      failed to validate rule on line1



      Has anyone seen this and been successful in creating a multi-line parser..  Once you mention "custom parser" to support.... yeah sorry, we don't support custom parsers.


      FYI -- I solved this by just creating a one line RegEx parser but I'd was hoping to find out why...






      Message was edited by: rcavey on 6/10/14 11:56:13 AM CDT