You create pattern constants by enclosing text within forward slashes (/
).
The syntax is the same as for the flex version of the lex
utility.
For example,
/foo|bar/
specifies a pattern that matches either the text “foo” or the text “bar”;
/[a-zA-Z0-9]+/
matches one or more letters or digits, as will
/[[:alpha:][:digit:]]+/
or
/[[:alnum:]]+/
and the pattern
/^rewt.*login/
matches any string with the text “rewt” at the beginning of a line followed somewhere later in the line by the text “login”.
You can create disjunctions (patterns the match any of a number of
alternatives) both using the “{|
}” regular expression
operator directly, as in the first example above, or by using it
to join multiple patterns. So the first example above
could instead be written:
/foo/ | /bar/
This form is convenient when constructing large disjunctions because it's easier to see what's going on.
Note that the speed of the regular expression matching does not depend on the complexity or size of the patterns, so you should feel free to make full use of the expressive power they afford.
You can assign pattern
values to variables, hold them in tables,
and so on. So for example you could have:
global address_filters: table[addr] of pattern = { [128.3.4.4] = /failed login/ | /access denied/, [128.3.5.1] = /access timeout/ };
and then could test, for example:
if ( address_filters[c$id$orig_h] in msg ) skip_the_activity();
Note though that you cannot use create patterns dynamically. this form (or any other) to create dynamic