I see strange behaviour with the pattern matching.
I tried testing the same using the log file policy and I see that only the first rule is matching.
Check out the snapshot below (the same has been attached as well).
As per your trap, var2 should always match .188.8.131.52.4.1.185184.108.40.206.220.127.116.11.18.104.22.168.22.214.171.124126.96.36.199.188.8.131.52.2.4294967295.132192.4.2
If var2 matches correctly, then the proper alert is triggered; if not, it triggers the improper alert (say, instead of Minor it triggers Critical\Major). In those cases the var2 variable is showing as .184.108.40.206.4.1.185220.127.116.11.18.104.22.168.22.214.171.124.126.96.36.199188.8.131.52.184.108.40.206.2.4294967295.132192.4.2=3
Just looking to see if there are any other ways to get through this.
- Vidyasagar Machani -
Tell me and I forget. Teach me and I remember. Involve me and I learn. -- Benjamin Franklin