Allow partial matching on msg field

1 year ago · 031995d4b9
parent 4f55ffeaf7
commit 031995d4b9
1 changed files with 12 additions and 0 deletions
--- a/core/lib/rules.py
+++ b/core/lib/rules.py
@ -76,6 +76,18 @@ def process_rules(data):
                                    break
                        # Continue to next field
                        continue
+
+                    # Allow partial matches for msg
+                    if field == "msg":
+                        for msg in value:
+                            if "msg" in message:
+                                if msg in message["msg"]:
+                                    matched_field_number += 1
+                                    matched_fields.append(field)
+                                    # Break out of the msg matching loop
+                                    break
+                        # Continue to next field
+                        continue
                    if field in message and message[field] in value:
                        matched_field_number += 1
                        matched_fields.append(field)