matchrule

package
v0.54.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 14, 2025 License: BSD-3-Clause Imports: 4 Imported by: 0

README

Match rules

Match rules are lightweight checks for the raw byte contents. The rules are combined in rulesets, they can be used with logical and or or applied to all rules in the rulset, its result might be inverted, they can check values in case insensitive mode.

Rule

values []string

List of values to check the content against.


mode string required options=prefix|suffix|contains

Content check mode. In prefix mode only first bytes of the content are checked. In suffix mode only last bytes of the content are checked. In contains mode there is a substring search in the contents.


case_insensitive bool default=false

When case_insensitive is set to true all values and the checking contents are converted to lowercase. It is better to avoid using this mode because it can impact throughput and performance of the logs collection.


invert bool default=false

Flag indicating whether to negate the match result. For example if all of the rules are matched and invert is set to true the whole ruleset will result as not matched. It should be used when it is easier to list items that should not match the rules.


RuleSet

name string

The name of the ruleset. Has some additional semantics in antispam exceptions.


cond string default=and options=and|or

Logical conditional operation to combine rules with. If set to and ruleset will only match when all rules are matched. If set to or ruleset will match when at least one of the rules is matched.


rules []Rule

List of rules to check the log against.


RuleSets

List of RuleSet. Always combined with logical or, meaning it matches when at least one of the rulesets match.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Cond 

type Cond byte
const (
	CondAnd Cond = iota
	CondOr
)

func (*Cond) UnmarshalJSON 

func (c *Cond) UnmarshalJSON(i []byte) error

type Mode 

type Mode byte
const (
	ModePrefix Mode = iota
	ModeContains
	ModeSuffix
)

func (*Mode) UnmarshalJSON 

func (m *Mode) UnmarshalJSON(i []byte) error

type Rule 

type Rule struct {
	// > @3@4@5@6
	// >
	// > Values to match at least one value.
	Values []string `json:"values" default:"" slice:"true"` // *

	// > @3@4@5@6
	// >
	// > Matching mode. Allowed modes: `prefix`, `contains`, `suffix`. Defaults to `contains`.
	Mode Mode `json:"mode"` // *

	// > @3@4@5@6
	// >
	// > CaseInsensitive is the truth then Match results in a lowercase search value.
	// > Not available fo the ModeContains because performance issues may arise.
	CaseInsensitive bool `json:"case_insensitive"` // *

	// > @3@4@5@6
	// >
	// > Flag indicating whether to negate the result of matching rule.
	Invert bool `json:"invert"` // *
	// contains filtered or unexported fields
}

func (*Rule) Match 

func (r *Rule) Match(raw []byte) bool

func (*Rule) Prepare added in v0.14.0 

func (r *Rule) Prepare()

type RuleSet 

type RuleSet struct {
	// > @3@4@5@6
	// >
	// > Name of the ruleset.
	Name string `json:"name"` // *

	// > @3@4@5@6
	// >
	// > Condition for combining rules. Allowed values: `and`, `or`. Defaults to `and`.
	Cond Cond `json:"cond" default:"and" options:"and|or"` // *

	// > @3@4@5@6
	// >
	// > List of rules to check.
	Rules []Rule `json:"rules" default:"" slice:"true"` // *
}

func (*RuleSet) Match 

func (rs *RuleSet) Match(data []byte) bool

func (*RuleSet) Prepare added in v0.14.0 

func (rs *RuleSet) Prepare()

type RuleSets added in v0.14.0 

type RuleSets []RuleSet

func (RuleSets) Prepare added in v0.14.0 

func (rs RuleSets) Prepare()

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.