Lowercase msg before matching

Allow partial matching on msg field
2023-01-12 07:20:48 +00:00 · 2023-01-12 07:20:48 +00:00
1 changed files with 12 additions and 0 deletions
--- a/core/lib/rules.py
+++ b/core/lib/rules.py
@ -76,6 +76,18 @@ def process_rules(data):
                                    break
                        # Continue to next field
                        continue
+
+                    # Allow partial matches for msg
+                    if field == "msg":
+                        for msg in value:
+                            if "msg" in message:
+                                if msg.lower() in message["msg"].lower():
+                                    matched_field_number += 1
+                                    matched_fields.append(field)
+                                    # Break out of the msg matching loop
+                                    break
+                        # Continue to next field
+                        continue
                    if field in message and message[field] in value:
                        matched_field_number += 1
                        matched_fields.append(field)
Author	SHA1	Message	Date
Mark Veidemanis	9aacc2cc51	Lowercase msg before matching	2023-01-12 07:20:48 +00:00
Mark Veidemanis	031995d4b9	Allow partial matching on msg field	2023-01-12 07:20:48 +00:00