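Adding alert checker ';

    // NOTE(review): the opening of the string literal above and the condition that
    // guards this branch lie before the visible fragment. Confirm that the guard
    // includes the permission check (and request-forgery protection) appropriate
    // for creating alert rules.

    // Validate the three mandatory fields. All of them must be present and
    // non-empty; 'regex' must additionally be a pattern that PCRE can compile.
    $ok = TRUE;
    foreach (['name', 'descr', 'regex'] as $var) {
        // Decide presence before touching the value: calling trim() on a missing
        // key or on an array (e.g. a name[]=... request parameter) raises a
        // warning or TypeError instead of producing a clean validation failure.
        $is_set = isset($vars[$var]) && is_scalar($vars[$var]);
        $value  = $is_set ? trim((string)$vars[$var]) : '';

        if (!$is_set || safe_empty($value)) {
            $ok = FALSE;
        } elseif ($var === 'regex' && preg_match($value, '') === FALSE) {
            // preg_match() returns FALSE when the pattern itself is rejected.
            // The subject is an empty string rather than NULL because passing
            // NULL to a string parameter is deprecated as of PHP 8.1.
            //
            // This proves only that the pattern compiles. It does not bound the
            // matching cost: a pattern with nested or chained unbounded
            // quantifiers can still backtrack heavily once the syslog script
            // evaluates it against incoming messages.
            // NOTE(review): consider a length cap on the rule and a PCRE
            // backtrack limit in the consumer - confirm what it enforces today.
            $ok = FALSE;
        }

        // Keep the trimmed value so the stored rule and the re-rendered form agree.
        $vars[$var] = $value;
    }

    if ($ok) {
        // Values are handed to dbInsert() as a column => value map; no SQL is
        // assembled here. NOTE(review): confirm dbInsert() binds them as parameters.
        $rule = [
            'la_name'     => $vars['name'],
            'la_descr'    => $vars['descr'],
            'la_rule'     => $vars['regex'],
            'la_severity' => '8',
            'la_disable'  => '0',
        ];

        $rule_id = dbInsert('syslog_rules', $rule);

        if (is_numeric($rule_id)) {
            // $rule_id has just been checked to be numeric, so concatenating it
            // into the message cannot introduce markup.
            print_success('

Syslog rule inserted as ' . $rule_id . '

');
            // Clear the submitted values so the form below starts out empty.
            unset($vars['name'], $vars['descr'], $vars['regex']);
            set_obs_attrib('syslog_rules_changed', time()); // Trigger reload syslog script
        } else {
            print_error('Failed to create new rule.');
        }
    } else {
        print_error('Failed to create new rule: Rule name, message and valid regular expression are mandatory.');
    }
}
?>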
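'horizontal',
    // NOTE(review): the start of this array literal (presumably the $form
    // assignment) lies before the visible fragment.
    'id'    => 'logalert_rule',
    'title' => 'New Syslog Rule Details',
    //'url'   => generate_url(array('page' => 'add_alertlog_rule')),
];

// The 'value' entries below echo the submitted fields back into the form so a
// rejected submission can be corrected. After a successful insert those keys
// have been unset, so each one is read through isset() to avoid an
// undefined-key warning; the value handed to the form is NULL in that case.
// NOTE(review): these values appear to be request-supplied; confirm that
// print_form() HTML-escapes 'value' for both text and textarea elements.

$form['row'][1]['name'] = [
    'type'        => 'text',
    'name'        => 'Rule Name',
    'placeholder' => TRUE,
    //'class'       => 'input-xlarge',
    'width'       => '250px',
    //'readonly'    => $readonly,
    'value'       => isset($vars['name']) ? $vars['name'] : NULL,
];

$form['row'][2]['descr'] = [
    'type'        => 'textarea',
    'name'        => 'Message',
    'placeholder' => TRUE,
    'class'       => 'col-md-11 col-xs-11',
    //'width'       => '250px',
    'rows'        => 4,
    //'readonly'    => $readonly,
    'value'       => isset($vars['descr']) ? $vars['descr'] : NULL,
];

$form['row'][3]['regex'] = [
    'type'        => 'textarea',
    'name'        => 'Regular Expression',
    'placeholder' => TRUE,
    'class'       => 'col-md-11 col-xs-11',
    //'width'       => '250px',
    'rows'        => 4,
    //'readonly'    => $readonly,
    'value'       => isset($vars['regex']) ? $vars['regex'] : NULL,
];

// The submit button carries a fixed action token, not user data.
$form['row'][7]['submit'] = [
    'type'  => 'submit',
    'name'  => 'Add Rule',
    'icon'  => 'icon-plus icon-white',
    //'right' => TRUE,
    'class' => 'btn-success',
    //'readonly' => $readonly,
    'value' => 'add_alertlog_rule',
];

print_form($form);
unset($form);
?>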
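'Syslog Regular Expressions',
    // NOTE(review): the start of this array literal (presumably the $box_args
    // assignment) lies before the visible fragment.
    'header-border' => TRUE,
    'padding'       => TRUE,
];

echo generate_box_open($box_args);

// Static help text. The heredoc contains no variables, so no request data is
// interpolated into this output.
// The second example chains several unanchored `.+` segments. That is fine as
// an illustration, but rule authors could be pointed towards more specific
// patterns, since each rule is evaluated by the syslog script.
echo <<<SYSLOG_RULES
Syslog Rules are built using standard PCRE regular expressions.

There are many online resources to help you learn and test regular expressions. Good resources include regex101.com, Debuggex Cheatsheet, regexr.com and Tutorials Point. There are many other sites with examples which can be found online.

A simple rule to match the word "error" could look like:

/error/

A more complex rule to match SSH authentication failures from PAM for the users root or adama might look like:

/pam.+\(sshd:auth\).+failure.+user\=(root|adama)/
SYSLOG_RULES;

echo generate_box_close();
?>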