RecordPattern

The RecordPattern class describes where in the content of the RecordItem relevant information can be found. It provides a way to reference subsets of information, identified by a pattern, in a large log file, audit trail, or forensic data.




Attributes

type (Required)

Describes the type of pattern being specified in the element content. The default is "regex".

| Rank | Keyword | Description |
|------|---------|-------------|
| 1 | regex | Regular expression, per Appendix F of [3]. |
| 2 | binary | Binhex encoded binary pattern, per the HEXBIN data type. |
| 3 | xpath | XML Path (XPath) [5]. |
| 4 | ext-value | An escape value used to extend this attribute. See Section 5.1. |

ext-type (Optional)

A means by which to extend the type attribute. See Section 5.1.

offset (Optional)

Number of units (determined by the offsetunit attribute) to seek into the RecordItem data before matching the pattern.

offsetunit (Optional)

Describes the units of the offset attribute. The default is "line".

| Rank | Keyword | Description |
|------|---------|-------------|
| 1 | line | Offset is a count of lines. |
| 2 | binary | Offset is a count of bytes. |
| 3 | ext-value | An escape value used to extend this attribute. See Section 5.1. |

ext-offsetunit (Optional)

A means by which to extend the offsetunit attribute. See Section 5.1.

instance (Optional)

Number of times to apply the specified pattern.
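
How a consumer might apply a RecordPattern to RecordItem data, as an added example that is not part of the original page or of any IODEF library. It assumes `instance` caps the number of matches returned, uses Python's `re` as a stand-in for the XML Schema regex dialect (the two differ), and rejects `xpath` and `ext-value`; the function name, the length cap and the sample log are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from itertools import islice

MAX_PATTERN_LEN = 512  # assumption: local cap on patterns received from peers

def apply_record_pattern(pattern_xml, record):
    """Return [(byte_offset, matched_bytes), ...] selected from `record`."""
    elem = ET.fromstring(pattern_xml)  # use a hardened parser for untrusted XML
    ptype = elem.get("type", "regex")       # default per the attribute table
    unit = elem.get("offsetunit", "line")   # default per the attribute table
    offset = int(elem.get("offset", "0"))
    instance = elem.get("instance")
    limit = int(instance) if instance is not None else None
    body = (elem.text or "").strip()
    if offset < 0 or (limit is not None and limit < 1):
        raise ValueError("offset must be >= 0 and instance >= 1")
    if not body or len(body) > MAX_PATTERN_LEN:
        raise ValueError("empty or oversized pattern")

    # Seek into the record before matching; base is the starting byte index.
    if unit == "line":
        base = sum(len(l) for l in record.splitlines(keepends=True)[:offset])
    elif unit == "binary":
        base = min(offset, len(record))
    else:
        raise ValueError(f"unsupported offsetunit: {unit!r}")

    if ptype == "regex":
        rx = re.compile(body.encode("utf-8"))
    elif ptype == "binary":
        rx = re.compile(re.escape(bytes.fromhex(body)))  # literal byte search
    else:
        raise ValueError(f"unsupported type: {ptype!r}")

    found = rx.finditer(record[base:])
    return [(base + m.start(), m.group(0)) for m in islice(found, limit)]

# Constructed sample record and patterns.
LOG = (b"Jan 10 03:12:01 host sshd[411]: Accepted publickey for deploy from 192.0.2.10\n"
       b"Jan 10 03:14:07 host sshd[412]: Failed password for root from 203.0.113.5\n"
       b"Jan 10 03:14:09 host sshd[412]: Failed password for root from 203.0.113.5\n"
       b"Jan 10 03:14:12 host sshd[413]: Failed password for admin from 203.0.113.5\n")
FAILED_LOGINS = (r'<RecordPattern type="regex" offset="1" offsetunit="line" '
                 r'instance="2">Failed password for \w+</RecordPattern>')
ROOT_BYTES = ('<RecordPattern type="binary" offset="10" offsetunit="binary">'
              '726f6f74</RecordPattern>')

if __name__ == "__main__":
    for pat in (FAILED_LOGINS, ROOT_BYTES):
        print(apply_record_pattern(pat, LOG))
```

Returned offsets are relative to the start of the full record, so each hit can be cross-checked against the original evidence file.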

