uvtms 1 Posted November 20, 2015 Share Posted November 20, 2015 I cannot get these to work. Supposedly the perl regexp syntax is supported. A very basic instance of a perl regexp is a word without any special characters which should match as substring. It does not seem to happen. So what is the format of the regular expression? Link to comment Share on other sites More sharing options...
zhopkins 10 Posted November 22, 2015 Share Posted November 22, 2015 It took a little bit of fiddling, but I've been able to get Regex working in several of our templates. I've built most of my RegEx strings through sites like regexr.com or regex101.com, with some slight modifications to signify the beginning and the end of the strings. 1) Looking for clients that have some point-release of a version 5.x client installed (i.e. any 5.x version): "Installed software.Application version" → RegEx → "^5.\d.\d{4}.\d$" 2) Looking for clients that do not have "Server" in the operating system name: "OS edition.OS name" → RegEx → "^(?!.*Server).*$" Link to comment Share on other sites More sharing options...
uvtms 1 Posted November 23, 2015 Author Share Posted November 23, 2015 I can just type the regexp into perl interpreter and test. That does not give same result as these match rules. I tried a small test perl program: "Microsoft Windows 7 Professional" matches 7. "Microsoft Windows Server 2008 R2" does not match 7. "Microsoft Windows Server 2008 R2" matches "Server". "Microsoft Windows Server 2008 R2" matches "Microsoft Windows Server". "Microsoft Windows Server 2008 R2" does not match "^(?!.*Server).*\$". "Microsoft Windows 7 Professional" matches "^(?!.*Server).*\$". However, when I change my rule with "Microsoft Windows Server" from prefix to regex the server systems no longer show up in the group. So yes, your example works. However, some valid regex examples do not. Link to comment Share on other sites More sharing options...
HSW 9 Posted November 24, 2015 Share Posted November 24, 2015 Interesting Topic Any tips to get a Syntax for this? I try to create dynamic Groups for "logged in User": All Users exept User1+User10+User159 Link to comment Share on other sites More sharing options...
ESET Staff Solution MartinK 375 Posted November 25, 2015 ESET Staff Solution Share Posted November 25, 2015 I cannot get these to work. Supposedly the perl regexp syntax is supported. A very basic instance of a perl regexp is a word without any special characters which should match as substring. It does not seem to happen. So what is the format of the regular expression? Hello, dynamic groups regular expressions are using perl syntax, but expression must match whole input string. Link to comment Share on other sites More sharing options...
HSW 9 Posted December 1, 2015 Share Posted December 1, 2015 I cannot get these to work. Supposedly the perl regexp syntax is supported. A very basic instance of a perl regexp is a word without any special characters which should match as substring. It does not seem to happen. So what is the format of the regular expression? Hello, dynamic groups regular expressions are using perl syntax, but expression must match whole input string. So if i understand correct, regex is here no additionally filter. Ist only a other way for "contains". Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted December 1, 2015 ESET Staff Share Posted December 1, 2015 I cannot get these to work. Supposedly the perl regexp syntax is supported. A very basic instance of a perl regexp is a word without any special characters which should match as substring. It does not seem to happen. So what is the format of the regular expression? Hello, dynamic groups regular expressions are using perl syntax, but expression must match whole input string. So if i understand correct, regex is here no additionally filter. Ist only a other way for "contains". Hello, I dont think matching whole string makes any difference: you can wrap your regular expression in ".*" and it should behave identically. Link to comment Share on other sites More sharing options...
HSW 9 Posted December 1, 2015 Share Posted December 1, 2015 I cannot get these to work. Supposedly the perl regexp syntax is supported. A very basic instance of a perl regexp is a word without any special characters which should match as substring. It does not seem to happen. So what is the format of the regular expression? Hello, dynamic groups regular expressions are using perl syntax, but expression must match whole input string. So if i understand correct, regex is here no additionally filter. Ist only a other way for "contains". Hello, I dont think matching whole string makes any difference: you can wrap your regular expression in ".*" and it should behave identically. Hi, but if i understand right, there is no chance to create a "and" syntax with regax (a and b and c and ...)? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,694 Posted December 1, 2015 Administrators Share Posted December 1, 2015 Hi, but if i understand right, there is no chance to create a "and" syntax with regax (a and b and c and ...)? Let us know what you would like to accomplish, maybe we will be able to provide you with the exact regex expression. Link to comment Share on other sites More sharing options...
HSW 9 Posted December 2, 2015 Share Posted December 2, 2015 Hi, but if i understand right, there is no chance to create a "and" syntax with regax (a and b and c and ...)? Let us know what you would like to accomplish, maybe we will be able to provide you with the exact regex expression. Hi Marco, im interested for the following syntax: All Users except Andreas + Christian + Michael or All PCs except PC_123 + NB_587 + HTPC_599 Link to comment Share on other sites More sharing options...
uvtms 1 Posted December 15, 2015 Author Share Posted December 15, 2015 you can achieve that if you expant on the all but Server OS expression Link to comment Share on other sites More sharing options...
uvtms 1 Posted March 3, 2016 Author Share Posted March 3, 2016 This does not seem to work as described here and there is no description in an official manual. perl test result: "Microsoft Windows Server 2008 R2" does not match "^(?!.*Server).*\$". "Microsoft Windows 7 Professional" matches "^(?!.*Server).*\$". "Microsoft Windows Server 2008 R2" matches "^(?!.*( 7| 8 | 10| XP)).*\$". "Microsoft Windows 7 Professional" does not match "^(?!.*( 7| 8 | 10| XP)).*\$". working group: EXPRESSION OPERATION AND (All conditions have to be true) RULES OS edition . OS name regex ^(?!.*Server).*$ always empty group: EXPRESSION OPERATION AND (All conditions have to be true) RULES OS edition . OS name has mask ^(?!.*( 7| 8 | 10| XP)).*$ Link to comment Share on other sites More sharing options...
ESET Staff MartinK 375 Posted March 3, 2016 ESET Staff Share Posted March 3, 2016 This does not seem to work as described here and there is no description in an official manual. I have made some simple tests and this kind of construction seems to be working, at least in ERA 6.3. Is there a chance computer has not connected since you modified this template? Would it be possible to enable debug trace.log verbosity for client that should be matching second group and post it here?: create file C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\traceAll to temporarily enable full verbosity of trace log without configuration change restart AGENT service search trace.log for regex you used - there should be line containing regex, data that it was compared with and result. delete traceAll file Also I would like to inform you, that we have added support for "not regex" condition type, which solves this problem much more elegantly. It has only one limit -> both SERVER and AGENT must be version 6.3 or newer. Link to comment Share on other sites More sharing options...
uvtms 1 Posted March 4, 2016 Author Share Posted March 4, 2016 Hello, I noticed that the expression is incorrectly used as mask rather than regexp. Fixing that it seems this works OK at least with simpler regexp that actually matches some computers that connect often. In ERA 6.2 there is option to select NOR as the condition operator which conveniently negates the regexp if that's the only condition you wanted. Link to comment Share on other sites More sharing options...
Recommended Posts