<form method=POST action="rules<?print $conf{'extension'}?>">

How to make a new rule/regular expression:<br>
<ul>
  <li>take several syslog lines, including ones that must match and ones that must not match</li>
  <li>if two lines are too different, don't write one overly generic rule; write two specific ones instead</li>
  <li>don't do the opposite either: one rule per distinct log line isn't the solution</li>
  <li>don't try to write your rule in a single step; build it field by field and test after each one (first match "proto tcp", then if it works, try to match "proto tcp src=...", then ...)</li>
  <li>once finished, send your rule/regexp and sample test log lines to me by mail</li>
</ul>

&nbsp;<b>ruleset to test :</b> regex=...;<br>
<textarea name="ruleset" rows=5 cols=80><?print $cgi->escapeHTML( scalar $cgi->param( 'ruleset' ) )?></textarea>
<br>
&nbsp; You can use these macros:<br>
&nbsp;&nbsp;&nbsp;$IP, matches an IPv4 or IPv6 address: [\d\.]+ or [\dA-Fa-f\:\.]+, combined as [\dA-Fa-f\:\.]+<br>
&nbsp;&nbsp;&nbsp;$PID, matches a process ID number: -?\d+<br>
&nbsp;&nbsp;&nbsp;$HOSTNAME, matches an FQDN/hostname: [\w\-\.]+<br>
&nbsp;&nbsp;&nbsp;$PORT, matches a port number: \d+
<br>
<br>
<br>
&nbsp;<b>syslog sample to test ruleset with :</b> (just paste sample syslog lines)<br>
<textarea name="syslog" rows="5" cols="80"><?print $cgi->escapeHTML( scalar $cgi->param( 'syslog' ) )?></textarea>
<br>
<br>
<input type="submit" value="test">

</form>
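<p>The field-by-field method from the how-to above, as an added example (not this project's own code): a stand-alone Perl script that expands the four macros listed on the form and checks each step of a growing rule against lines that must match and lines that must not. The log lines are constructed samples, and the plain textual macro substitution is an assumption about how the tool expands them.</p>

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Macro expansions exactly as listed on the form. They are loose character
# classes, not validators: $IP also matches strings such as "dead" or "...".
my %macro = (
    IP       => '[\dA-Fa-f\:\.]+',
    PID      => '-?\d+',
    HOSTNAME => '[\w\-\.]+',
    PORT     => '\d+',
);

# Expand $IP, $PID, $HOSTNAME and $PORT, then compile (assumed expansion).
sub compile_rule {
    my ($rule) = @_;
    $rule =~ s/\$(IP|PID|HOSTNAME|PORT)\b/$macro{$1}/g;
    return qr/$rule/;
}

# Return the wanted lines the rule missed and the unwanted lines it matched.
sub check_step {
    my ($rule, $want, $reject) = @_;
    my $re     = compile_rule($rule);
    my @missed = grep { $_ !~ $re } @$want;
    my @false  = grep { $_ =~ $re } @$reject;
    return (\@missed, \@false);
}

# Constructed sample lines (documentation address ranges).
my @must_match = (
    'Jan 12 10:01:22 fw1 kernel: DROP proto tcp src=192.0.2.10 spt=51514 dst=198.51.100.7 dpt=22',
    'Jan 12 10:01:25 fw1 kernel: DROP proto tcp src=2001:db8::1 spt=40000 dst=2001:db8::2 dpt=443',
);
my @must_not_match = (
    'Jan 12 10:01:30 fw1 kernel: DROP proto udp src=192.0.2.10 spt=53 dst=198.51.100.7 dpt=53',
    'Jan 12 10:02:00 fw1 sshd[4242]: Accepted publickey for admin from 192.0.2.10 port 51514',
);

# The rule grows one field per step; every step is tested before the next.
my @steps = (
    'proto tcp',
    'proto tcp src=($IP)',
    'proto tcp src=($IP) spt=($PORT)',
    'proto tcp src=($IP) spt=($PORT) dst=($IP) dpt=($PORT)',
);

for my $rule (@steps) {
    my ($missed, $false) = check_step($rule, \@must_match, \@must_not_match);
    printf "%-4s %s\n", (@$missed || @$false) ? 'FAIL' : 'ok', $rule;
    print "     missed:      $_\n" for @$missed;
    print "     false match: $_\n" for @$false;
}

# Show what the finished rule captures from the first sample line.
my @fields = $must_match[0] =~ compile_rule($steps[-1]);
print "captured: @fields\n";
```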
