Release Notes

- User: The username identifier. It can be in the form of a name, MAC address, or IP address.
- Action: The action to take when a rule match occurs.

Once a condition match occurs, no further rule matching is performed. Only one action can be defined for the matching rule.

For more details on the character-matching operators, repetition operators, and expression anchors used to define the search or match target, refer to the External Services Interface chapter in the Dell Networking W-Series ArubaOS 6.4.x User Guide.

Use the show esi parser rules command to display ESI parser rule information. Use the show esi parser stats command to display ESI parser rule statistics.
Examples
The following command sets up the Fortigate virus rule named forti_rule. This rule parses the virus detection
syslog scanning for a condition match on the log_id value (log_id=) and a match on the IP address (src=).
(host) (config) #esiparserruleforti_rule
condition“log_id=[0-9]{10}[]”
matchipaddr“src=(.*)[]”
setblacklist
domainfortinet
enable
In this example, the corresponding ESI expression is:
<Sep2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4>
The following example of the test command tests a rule against a specified single syslog message.
testmsg"2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4"
<2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4>
=====
Condition:Matchedwithrule"forti_rule"
User:ipaddr=1.2.3.4
=====
The following example of the test command tests a rule against a file named test.log, which contains several
syslog messages.
testfiletest.log
<Sep2618:30:02log_id=0100030101type=virussubtype=infectedsrc=1.2.3.4>
==========
Condition:Matchedwithrule"forti_rule"
User:ipaddr=1.2.3.4
==========
<Oct1810:43:40cli[627]:PAPI_Send:To:7f000001:8372Type:0x4Timedout.>
==========
Condition:Nomatchingruleconditionfound
==========
<Oct1810:05:32mobileip[499]:<500300><DBUG>|mobileip|Station00:40:96:a6:a1:a4,
10.0.100.103:DHCPFSMreceivedevent:RECEIVE_BOOTP_REPLYcurrent:PROXY_DHCP_NO_PROXY,
next:PROXY_DHCP_NO_PROXY>
==========
Condition:Nomatchingruleconditionfound
==========
Dell Networking W-Series ArubaOS 6.4.x | Reference Guide esi parser rule | 326