254 | esi parser rule Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
• Action: The action to take when a rule match occurs.
Once a condition match occurs, no further rule-matching will be made. For the matching rule, only one action can be
defined.
For more details on the character-matching operators, repetition operators, and expression anchors used to define
the search or match target, refer to the External Services Interface chapter in the Dell PowerConnect W-Series
ArubaOS 6.2 User Guide.
Use the show esi parser rules command to show ESI parser rule information. Use the
show esi parser stats command to show ESI parser rule statistical information.
Examples
The following command sets up the Fortigate virus rule named “forti_rule.” This rule parses the virus detection
syslog scanning for a condition match on the log_id value (log_id=) and a match on the IP address (src=).
(host) (config) #esi parser rule forti_rule
condition "log_id=[0-9]{10}[ ]"
match ipaddr "src=(.*)[ ]"
set blacklist
domain fortinet
enable
In this example, the corresponding ESI expression is:
<Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4>
The following example of the test command tests a rule against a specified single syslog message.
test msg "26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4"
<26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4>
=====
Condition: Matched with rule "forti_rule"
User: ipaddr=1.2.3.4
=====
The following example of the test command tests a rule against a file named test.log, which contains several syslog
messages.
test file test.log
<Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4>
==========
Condition: Matched with rule "forti_rule"
User: ipaddr=1.2.3.4
==========
<Oct 18 10:43:40 cli[627]: PAPI_Send: To: 7f000001:8372 Type:0x4 Timed out.>
==========
Condition: No matching rule condition found
==========
<Oct 18 10:05:32 mobileip[499]: <500300> <DBUG> |mobileip| Station 00:40:96:a6:a1:a4,
10.0.100.103: DHCP FSM received event: RECEIVE_BOOTP_REPLY current: PROXY_DHCP_NO_PROXY,
next: PROXY_DHCP_NO_PROXY>
==========
Condition: No matching rule condition found
==========
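
The rule evaluation shown in the examples above, emulated offline in Python. This is an added example, not Dell or Aruba code, and it assumes Python's re module approximates the controller's regular-expression engine. It shows how the greedy (.*) in the match pattern behaves when another field follows src=. STRICT_IPADDR, the address validation step, and the third sample message are hypothetical additions for illustration.

```python
import ipaddress
import re

# forti_rule as configured on this page, expressed as Python patterns.
RULES = [
    {"name": "forti_rule",
     "condition": r"log_id=[0-9]{10}[ ]",
     "match_ipaddr": r"src=(.*)[ ]",
     "action": "blacklist"},
]

# Hypothetical tighter pattern: the capture can only hold digits and dots.
STRICT_IPADDR = r"src=([0-9.]+)[ ]"

def evaluate(msg, rules=RULES, ip_pattern=None):
    """Return (rule_name, ip, action) for the first rule whose condition
    matches, or None. Rule matching stops at the first condition hit."""
    for rule in rules:
        if not re.search(rule["condition"], msg):
            continue
        m = re.search(ip_pattern or rule["match_ipaddr"], msg)
        if not m:
            return (rule["name"], None, None)
        try:
            # Added safeguard in this emulation: act only on a real address.
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            return (rule["name"], None, None)
        return (rule["name"], ip, rule["action"])
    return None

# Constructed samples based on the messages on this page. A space follows
# the src= value because both patterns end in "[ ]".
SAMPLES = [
    "Sep 26 18:30:02 log_id=0100030101 type=virus subtype=infected src=1.2.3.4 ",
    "Oct 18 10:43:40 cli[627]: PAPI_Send: To: 7f000001:8372 Type:0x4 Timed out.",
    # Constructed: a field after src= makes the greedy (.*) capture too much.
    "Sep 26 18:30:02 log_id=0100030101 type=virus src=1.2.3.4 dst=10.0.0.5 ",
]

if __name__ == "__main__":
    for s in SAMPLES:
        strict = evaluate(s, ip_pattern=STRICT_IPADDR)
        print(repr(s), "->", evaluate(s), "| strict:", strict)
```

With the page's pattern, the third sample captures "1.2.3.4 dst=10.0.0.5" and fails address validation, while the tighter pattern still extracts 1.2.3.4.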