Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2831
Views
0
Helpful
4
Replies

IPS Regex for Boolean "AND"

Go to solution
ganesh.kumar
Level 1
Level 1

‎04-16-2012 11:48 AM - edited ‎03-10-2019 05:39 AM

Hi,

anyone know the regex string for Boolean "AND" operator. I came to know OR operator got string "|". But unable to find string for AND operator.

any help would be appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rupadras
Cisco Employee
Cisco Employee
In response to ganesh.kumar

‎04-19-2012 02:28 PM

Hi Ganesh,

Say, in your example, if the strings Color and Green are separated by AAAA, you can write a regex as "ColorAAAAGreen".

If you are not sure what characters can be between Color and Green, you can have a regex like "Color[\x00-\xff]*Green". This will fire if you see Color followed by Green in the traffic stream. But this includes a wildcard and could be memory-intensive. multistring engine would be better in this case.

So depending on the traffic you are matching, you can hardcode some strings in the regex and get the AND functionality.

HTH,

Radhika

View solution in original post

0 Helpful
4 Replies 4

Go to solution
a.matahen
Level 1
Level 1

‎04-17-2012 01:02 AM

Hello Ganesh,

Are you trying to configure more than one action for a signature?

You can do that using the same operator, but with no spaces, the command should be:

event-action produce-alert|deny-packet-inline

make sure that you write "deny-packet-inline" not any abbriviation like deny-p

HTH

Ahmad

0 Helpful

Go to solution
ganesh.kumar
Level 1
Level 1
In response to a.matahen

‎04-17-2012 10:16 AM

Hi,

i am looking a option to use Regex. For example color and Green. I know multi-string can do this. But looking option to use in same line like we use OR (I) operator in Regex.

0 Helpful

Go to solution
rupadras
Cisco Employee
Cisco Employee
In response to ganesh.kumar

‎04-19-2012 02:28 PM

Hi Ganesh,

Say, in your example, if the strings Color and Green are separated by AAAA, you can write a regex as "ColorAAAAGreen".

If you are not sure what characters can be between Color and Green, you can have a regex like "Color[\x00-\xff]*Green". This will fire if you see Color followed by Green in the traffic stream. But this includes a wildcard and could be memory-intensive. multistring engine would be better in this case.

So depending on the traffic you are matching, you can hardcode some strings in the regex and get the AND functionality.

HTH,

Radhika

0 Helpful

Go to solution
ganesh.kumar
Level 1
Level 1
In response to rupadras

‎05-01-2012 09:45 AM

Hi Rupadras,

Thanks for the reply. Your answer worked me perfectly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card