#
# run-time grep string parameters for the syslogr.xeq script
# lines starting with '#' are comments
# NOTE: if you need to include a "'" in any string, repeat it *4*
# times to get it parsed! i.e. Joe\''''s Place
# Any grep-special characters inside search strings need to be escaped
# by preceding with a '\'. This includes '[]()- among others. When in
# doubt, escape it.
# Lines are parsed in order. Placing the highest-hit strings up front will
# increase performance as later searches don't have to search as much
# You can also utilize system CIVars and the !_hostnameu and !hostname
# values provided by the Syslogr.xeq script
# Note that HP's grep seems to be picky about \0nn numeric escape sequences
#
# First take care of VEAudit page headers
\%LISTLOG
CONSOLE SYSTEM !HPSYSNAME
\-\-DATE\-\- \-TIME\-
#
# Now Norton Antivirus messages
Norton AntiVirus: .* Could not scan [0-9]* files inside
Norton AntiVirus.* Scan could not open file
Norton AntiVirus.* Scan could not access path
#
# standard common messages
#
last message repeated [0-9]* times
#
# system logon/logoffs we don't care about
#
Security: .* Successful Network Logon:.* User Name: (administrator|Admin|!_hostnameu)
Security: .*: User Logoff:.* User Name: (administrator|Admin|!_hostnameu)
Account Used for Logon by: MICROSOFT_AUTHENTICATION_
MICROSOFT_AUTHENTICATION_PACKAGE_V.* Workstation Name: !_hostnameu
#
# unix daemon messages we don't care about
#
ucd-snmp\[[0-9]*\]: Connection from 192.1.1.
ntpd\[[0-9]*\]:
named\[[0-9]*\]:
named-xfer\[[0-9]*\]:
syslog: .* startup succeeded
#
# Add site-specific search strings here
#
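An added example, not part of syslogr.xeq or the original file: a Python sketch that applies an excerpt of these exclusion strings in file order to constructed syslog lines, returning per-pattern hit counts (for moving the highest-hit strings up front) and the lines each pattern hides (for auditing what an unanchored string also suppresses). Assumptions: matching lines are dropped, Python's `re` stands in for HP's grep, and the `!_hostnameu` value, hosts and account names are made up.

```python
import re
from collections import Counter
# Constructed excerpt of the parameter file (not the full file).
PARAMS = r"""
# standard common messages
last message repeated [0-9]* times
Security: .*: User Logoff:.* User Name: (administrator|Admin|!_hostnameu)
ntpd\[[0-9]*\]:
syslog: .* startup succeeded
"""

# Constructed syslog lines; host and account names are made up.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw1 ntpd[412]: time reset 0.21 s
Mar  3 10:00:02 gw1 last message repeated 3 times
Mar  3 10:00:05 PC7 Security: 538: User Logoff: User Name: PC7$
Mar  3 10:00:09 PC7 Security: 538: User Logoff: User Name: jsmith
Mar  3 10:00:10 PC7 Security: 538: User Logoff: User Name: AdminTemp
Mar  3 10:00:12 gw1 sshd[977]: Failed password for root from 10.0.0.5
Mar  3 10:00:15 gw1 ntpd[412]: synchronized to 10.0.0.1
""".splitlines()

def load_patterns(text, civars):
    """Skip '#' comments and blank lines, then expand !NAME variables."""
    patterns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        for name, value in civars.items():
            line = line.replace("!" + name, re.escape(value))
        patterns.append(line)
    return patterns

def filter_log(lines, patterns):
    """Apply exclusions in file order; return (kept, hits, hidden)."""
    compiled = [(p, re.compile(p)) for p in patterns]
    kept, hits, hidden = [], Counter(), {}
    for line in lines:
        for src, rx in compiled:
            if rx.search(line):  # first matching pattern hides the line
                hits[src] += 1
                hidden.setdefault(src, []).append(line)
                break
        else:
            kept.append(line)
    return kept, hits, hidden

PATTERNS = load_patterns(PARAMS, {"_hostnameu": "PC7"})
KEPT, HITS, HIDDEN = filter_log(SAMPLE_LOG, PATTERNS)
print(HITS.most_common(), *KEPT, sep="\n")
```

The `AdminTemp` logoff is hidden because `Admin` in the alternation has no trailing anchor; reviewing `HIDDEN` per pattern shows which exclusions are broader than intended.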