
Are you using all of the features with CimTrak? One feature in CimTrak often overlooked is the Regular Expression Excludes/Includes (RegEx). Did you know that in any Object Group you can take advantage of RegEx to automatically exclude or include any files matching a specific pattern you create? Remember, it is always a best practice to ignore files like log, swap, or cache files as they tend to change quite often as they are supposed to.

A log file can change over 100 times in just a few minutes! With CimTrak we want to monitor files that are NOT supposed to change. We don’t want to have our Event Log flooded with things that are supposed to change. RegEx comes to save the day to help narrow down your scope to watch specifically what you want.

One great example is found in our Windows Operating System Template. We already exclude a lot of different folders under the C:\Windows directory because they are dynamic or cause false positives, and we also created a long RegEx to INCLUDE critical file types that should be monitored. When applied, the Agent automatically detects whether a file has one of the listed extensions and, if it does, includes it in its scope. Nobody wants to go out and check-mark all 10,000 .exe files by hand, even if they could find them all!

Let’s take a look at what that RegEx looks like:

.(?i)(asp|bas|bat|cmd|com|cpl|exe|dll|ps1|ps1xml|hta|inf|js|lnk|msc|msi|msp|ocx|pif|reg|scr|sys|vb|vbs|wsf|wsh|hosts|lmhosts.sam|networks|protocol|services)$

I am going to head to the website www.regex101.com, a great resource to learn, create, and test regular expressions, to further break down how these work. Below I created a shorter version of the Windows Template RegEx; this one looks only for php and txt files.

[Figure: regex101 screenshot of the shorter php/txt RegEx tested against sample file paths]

Notice in the test string area, I just wrote down some fake paths of some files.

Notice how the php and txt are highlighted in green.

This shows that the RegEx I created is set up to match those strings. This is how you test your strings to see if they match as expected. We can see here my RegEx is working as expected.

Note: When testing, always have “gm” in the flags field on the right-hand side. Those global and multiline modifiers mimic how CimTrak applies the Regular Expression.

If you are curious about how RegEx works or what each operator means, you can see the full explanation on the right-hand side of the website. 

Here is a snippet of mine:

[Figure: regex101 explanation panel for the php/txt RegEx]

Now we can take this RegEx I created and apply it to a Watch within an Object Group:

Once you lock up this Object Group, all php and txt files will be ignored and any changes to those files will NOT be logged.

[Figure: the RegEx applied to a Watch within an Object Group]

If you make this an Inverse RegEx, the behavior flips: ONLY changes to php and txt files will be logged, while all other files will be ignored. You can write a RegEx to look for files with a certain extension, files that start with a specific letter, files that end with a number, or maybe all files with the word “Error” in the name.
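To make the exclude/inverse behavior concrete, here is a small added example (mine, not CimTrak code or the original post's) that runs the post's Windows template pattern and the shorter php/txt pattern over a handful of constructed Windows paths. It shows which paths an exclude RegEx drops and which an Inverse RegEx keeps, why the "m" in regex101's "gm" matters when several paths are pasted into one test string, and one caveat worth knowing about the template pattern as written: its leading `.` is an unescaped "any character", so `.(exe)$` also matches a name such as `launchexe` that has no extension separator at all, whereas `\.(exe)$` only matches a real `.exe`. The sample paths, the `launchexe` file, and the helper names are assumptions for the demonstration; the inline `(?i)` of the template is passed as a compile flag here because Python 3.11+ rejects a global inline flag that is not at the start of the expression, while PCRE (what regex101 uses) accepts it mid-pattern.

```python
import re

# Constructed sample paths for illustration only; none come from the original post.
SAMPLE_PATHS = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Windows\Temp\setup.log",
    r"C:\inetpub\wwwroot\index.php",
    r"C:\inetpub\wwwroot\README.TXT",
    r"C:\Users\svc\Desktop\notes.txt",
    r"C:\tools\launchexe",              # hypothetical: no "." before "exe"
    r"C:\Windows\System32\EXPLORER.EXE",
]

# The post's Windows template alternation. Its inline (?i) is supplied via
# re.IGNORECASE below because Python 3.11+ rejects a global inline flag that is
# not at the very start of the pattern (PCRE accepts it mid-pattern).
WINDOWS_TEMPLATE = (
    r".(asp|bas|bat|cmd|com|cpl|exe|dll|ps1|ps1xml|hta|inf|js|lnk|msc|msi|msp|ocx"
    r"|pif|reg|scr|sys|vb|vbs|wsf|wsh|hosts|lmhosts.sam|networks|protocol|services)$"
)
# The shorter variant from the post: php and txt only.
PHP_TXT = r".(php|txt)$"
# Caveat pair: the unescaped "." matches any character, "\." only a real dot.
EXE_LOOSE = r".(exe)$"
EXE_STRICT = r"\.(exe)$"


def compile_filter(pattern: str, multiline: bool = True) -> re.Pattern:
    """Compile the way regex101's "gm" + (?i) would: case-insensitive, and with
    "m" so that $ matches at the end of every line of a multi-line test string."""
    flags = re.IGNORECASE | (re.MULTILINE if multiline else 0)
    return re.compile(pattern, flags)


def matching_paths(pattern: str, paths) -> list:
    """Paths the pattern matches anywhere (regex101 searches, it does not anchor)."""
    rx = compile_filter(pattern)
    return [p for p in paths if rx.search(p)]


def logged_paths(pattern: str, paths, inverse: bool = False) -> list:
    """Paths whose changes would still be logged under this RegEx.

    Exclude RegEx (default): a matching path is ignored, everything else is logged.
    Inverse RegEx:           only a matching path is logged, everything else ignored.
    """
    rx = compile_filter(pattern)
    return [p for p in paths if bool(rx.search(p)) == inverse]


def highlighted(pattern: str, test_string: str, multiline: bool = True) -> list:
    """The substrings regex101 would highlight in green for a pasted test string."""
    rx = compile_filter(pattern, multiline)
    return [m.group(0) for m in rx.finditer(test_string)]


if __name__ == "__main__":
    text = "\n".join(SAMPLE_PATHS)
    print("template matches :", matching_paths(WINDOWS_TEMPLATE, SAMPLE_PATHS))
    print("php/txt excluded :", logged_paths(PHP_TXT, SAMPLE_PATHS))
    print("php/txt inverse  :", logged_paths(PHP_TXT, SAMPLE_PATHS, inverse=True))
    print("with m flag      :", highlighted(PHP_TXT, text))
    print("without m flag   :", highlighted(PHP_TXT, text, multiline=False))
    print("loose .(exe)$    :", matching_paths(EXE_LOOSE, SAMPLE_PATHS))
    print("strict \\.(exe)$  :", matching_paths(EXE_STRICT, SAMPLE_PATHS))
```

Running it shows the template picking up `kernel32.dll`, `hosts` and `EXPLORER.EXE` as intended, but also the extension-less `launchexe`; the php/txt pattern as an exclude drops exactly the three php/txt paths and as an inverse keeps only those three; and without the "m" flag the same pattern highlights nothing in the pasted block, because `$` then only matches at the very end of the whole string.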

[Figure: the Inverse RegEx option on the Watch]

To sum it up, RegEx is very powerful and can be utilized for almost any include or exclude use case in CimTrak.


Post by Justin Chandler
December 9, 2015
Justin is a CimTrak expert. By working closely with customers and partners to complete production environments, providing pre/post sales support, and dabbling in development, he has seen it all.

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.