Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
826
Views
0
Helpful
1
Replies

Message Filter Regular Expressions - Only First Match Available

Spencer
Level 1
Level 1

‎01-11-2017 10:16 AM

Hi,

I make a lot of use of the message filters available in AsyncOS.  I like them a lot.

One of the drawbacks I'm having right now is that the content matching of 'attachment-binary-contains' only returns the first match it finds in $MatchedContent.

I get that finding a single match is less expensive than finding all, and that it must be the default, but if there is a way to return all matches in $MatchedContent, and not just the first one it finds, my alerting could be greatly improved.

Has anybody had any luck with something like this and getting more information from matches, maybe some other way?  I've looked into a few things, but in the end the python itself would have to change, and the python regexes do not support recursion.

Thank you

Labels:
0 Helpful
1 Reply 1

dmccabej
Cisco Employee
Cisco Employee

‎01-15-2017 01:16 PM

Hello,

Currently the $MatchedContent variable will only return the first match it finds and provide that output. If you wish, you could always open a TAC case to create an Enhancement Request to improve this behavior. Keep in mind though as you stated, I'm sure it would start getting pretty resource intensive if the variable had to provide every match it found along with the added scanning times.

Thanks!

-Dennis M.

0 Helpful
Customers Also Viewed These Support Documents