RecordPattern

The RecordPattern class describes where in the content of the RecordItem relevant information can be found. It provides a way to reference subsets of information, identified by a pattern, in a large log file, audit trail, or forensic data.


Attributes

type (Required)

Describes the type of pattern being specified in the element content. The default is "regex".
| Rank | Keyword | Description |
|------|---------|-------------|
| 1 | regex | regular expression, per Appendix F of [3]. |
| 2 | binary | Binhex encoded binary pattern, per the HEXBIN data type. |
| 3 | xpath | XML Path (XPath) [5] |
| 4 | ext-value | An escape value used to extend this attribute. See Section 5.1. |

ext-type (Optional)

A means by which to extend the type attribute. See Section 5.1.

offset (Optional)

Amount of units (determined by the offsetunit attribute) to seek into the RecordItem data before matching the pattern.

offsetunit (Optional)

Describes the units of the offset attribute. The default is "line".
| Rank | Keyword | Description |
|------|---------|-------------|
| 1 | line | Offset is a count of lines. |
| 2 | binary | Offset is a count of bytes. |
| 3 | ext-value | An escape value used to extend this attribute. See Section 5.1. |

ext-offsetunit (Optional)

A means by which to extend the offsetunit attribute. See Section 5.1.

instance (Optional)

Number of times to apply the specified pattern.
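The following added example (not part of the specification or of this site's parser) shows how a consumer might apply one RecordPattern to RecordItem data, using the defaults listed above. Assumptions: `instance` is treated as a cap on the number of matches returned, Python's `re` stands in for the XML Schema regex dialect, `xpath` and `ext-value` are rejected, and the function name, the un-namespaced XML fragment and the sample log are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from itertools import islice

def apply_record_pattern(pattern_xml: str, record_item: bytes) -> list[bytes]:
    """Return the RecordItem spans selected by one RecordPattern element."""
    el = ET.fromstring(pattern_xml)
    ptype = el.get("type", "regex")         # page: default is "regex"
    unit = el.get("offsetunit", "line")     # page: default is "line"
    offset = int(el.get("offset", "0"))
    instance = el.get("instance")           # assumption: cap on match count
    limit = int(instance) if instance is not None else None
    if offset < 0 or (limit is not None and limit < 0):
        raise ValueError("offset and instance must be non-negative")

    # Seek into the RecordItem data before matching the pattern.
    if unit == "line":
        lines = record_item.splitlines(keepends=True)
        start = sum(len(line) for line in lines[:offset])
    elif unit == "binary":                  # page: offset is a count of bytes
        start = min(offset, len(record_item))
    else:
        raise ValueError(f"unsupported offsetunit: {unit!r}")
    data = record_item[start:]

    text = (el.text or "").strip()
    if ptype == "regex":
        # Assumption: Python's re approximates the schema regex syntax.
        rx = re.compile(text.encode("utf-8"))
    elif ptype == "binary":
        # HEXBIN content: hex digits decoded to bytes and matched literally.
        rx = re.compile(re.escape(bytes.fromhex(text)))
    else:
        raise ValueError(f"unsupported type: {ptype!r}")
    return [m.group(0) for m in islice(rx.finditer(data), limit)]

# Constructed sample RecordItem content, not taken from a real incident.
SAMPLE_LOG = (
    b"Jan 10 03:11:01 host sshd[411]: Accepted publickey for ops\n"
    b"Jan 10 03:12:44 host sshd[412]: Failed password for root from 192.0.2.7\n"
    b"Jan 10 03:12:46 host sshd[412]: Failed password for root from 192.0.2.7\n"
    b"Jan 10 03:12:49 host sshd[413]: Failed password for admin from 192.0.2.9\n"
)
```

A RecordPattern received in an incident report is untrusted input: parse the enclosing document with a hardened XML parser and run regex patterns under a time budget, since a pathological expression can stall the matcher.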

