On Mon, Mar 10, 2008 at 11:12 AM, Jason Chambers <Jason.Chambers at geosoft.com> wrote:

Hi All,

I'm not too sure how to write perl expressions, but I was wondering if someone can give me assistance. I get these alerts from BBWIN:

red 2008-Mar-10 13:56:10 [xxx.geosoft.com] &red application: error - 2008/03/10 13:55:51 - MMReceiver (3506) - n/a "Possible SMTP attack. From 192.168.xxx.xxx - received 20 RSET requests"

Whether you are using local or central mode in the Windows bbwin.cfg file will determine whether these need to be added to thebbwin.cfg file on the client windows system or to the hobbit-clients.cfg on the server (respectfully). Syntax for these files is covered in each location and/or by examples from either the hobbit website or the help file for bbwin.

One or more of these should do the trick (note that the dollar sign at the end denotes that "requests" is expected to be the very end of the string; see the links below for more information on regex's):

*should work: %.received [0-9]* RSET requests$

*should work, "ignore 0-99, but not 100+ requests" %.received [0-9]{1,2} RSET requests$

*could work, if "\d" (any digit) works %.received \d* RSET requests$

will work, but is most broad is scope (which probably wouldn't matter in this case, but...) %.received .* RSET requests$

(* implementations of regex's differ in what set or subset of regular expression syntax is supported)

Tutorial Information on Regular Expressions (or "regex's"): http://www.regular-expressions.info/ http://www.regular-expressions.info/reference.html

Ben

But want to write a perl expression to ignore all those messages even if the "received ## RSET requests" Can someone write me the code on how to go about doing this? I want to learn incase I have future needs for it.

Thanks in advanced,

Jason Chambers IT Help Desk Associate

GEOSOFT INC. freedom to explore T +1 416.369.0111 #344 F +1 416.369.9599

Visit our site at www.geosoft.com