Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Logical operators

As discussed previously, you can include multiple keywords and phrases in a correlation match expression, delimited by spaces. In this case, to match the expression, the target message must match all the keywords and all the phrases specified, in any order. Each keyword and phrase is joined by an implied logical AND operator.

Example

The correlation match expression XX YY ZZ is identical to the correlation expression XX and YY and ZZ, and it matches the message only if all three keywords are present in the message.

BMC Defender Server has a total of four logical operators that you can use to join keywords or phrases in a match expression to build a more complex expression. These operators are well known and follow the standard rules of Boolean logic.

  • AND—This is the default logical conjunctive operator. 

    XX and YY matches any message that contains both XX and YY, found in any order within the message.Both the left and the right operands to the AND operator must be present somewhere within the message. 

  • OR—This is the logical or operator. 

    The correlation match expression AA or BB or CC matches the message if it contains any of the three keywords, found in any order within the message.Either the left or the right operands to the or operator, or both operands, must be present somewhere within the message. 

  • XOR—This is the logical exclusive or operator, that matches the message if either the left or right operands appear in the message, but not both operands. 

    QQ XOR RR matches the message value of qq, and matches the message value of rr, but does not match the message value of qq rr, or the message rrqq exists.The XOR operator is not used that often, however is invaluable when actually needed.

  • NOT—This is the logical negation operator, indicates that the keyword or phrase following the operator must not match. 

    NOT ZZ matches any message that does not contain the keyword ZZ.Likewise, the correlation match expression NOT AA and NOT BB and NOT CC matches any message that does not contain all three of the specified keywords, and the correlation match expression NOT AA or NOT BB or NOT CC matches any message that contains any of the specified keywords.

Syntactically, these operators are infix operators, that is to say, they are embedded directly in the expression to affect the expression's meaning. The AND, OR, and XOR operators require left and right operands. The NOT operator requires a single right operand.

By default, logical operators are evaluated from left to right.

Example

The match pattern aa and bb or cc that match the test message aabb or cc, but not aacc.

 If an expression has multiple logical operators, it is generally best to use parenthetical nesting to set the order of evaluation. This is described in the Parenthetical-nesting.

Related topic

Simple-match-expressions

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*