I see strange behaviour with the pattern matching.
I tried testing the same using the log file policy and I say that only the first rule is matching.
Check out the below snapshot ( Same has been attached as well ).
As per your Trap , var2 should always match .18.104.22.168.4.1.18522.214.171.124.126.96.36.199.188.8.131.52.184.108.40.206220.127.116.11.18.104.22.168.2.4294967295.132192.4.2
If var2 matches correctly then the proper alert is triggered if not it triggers the improper alert ( say, instead of Minor it triggers Critical\Major ) in those cases var2 variable is showing as .22.214.171.124.4.1.185126.96.36.199.188.8.131.52.184.108.40.206.220.127.116.1118.104.22.168.22.214.171.124.2.4294967295.132192.4.2=3
Just looking, if there are any other ways to get through this.
- Vidyasagar Machani -
Tell me and I forget. Teach me and I remember. Involve me and I learn. -- Benjamin Franklin