Logical operators
BMC Defender Server has a total of four logical operators that you can use to join keywords or phrases in a match expression to build a more complex expression. These operators are well-known and follow the standard rules of Boolean logic.
AND—This is the default logical conjunctive operator.
Both the left and the right operands to the AND operator must be present somewhere within the message.
OR—This is the logical OR operator.
Either the left or the right operands to the or operator, or both operands, must be present somewhere within the message.
XOR—This is the logical exclusive or operator, that matches the message if either the left or right operands appear in the message, but not both operands.
The XOR operator is not used that often, however, is invaluable when actually needed.
NOT—This is the logical negation operator. It indicates that the keyword or phrase following the operator must not match.
Likewise, the correlation match expression NOT AA AND NOT BB AND NOT CC matches any message that does not contain all three of the specified keywords, and the correlation match expression NOT AA OR NOT BB OR NOT CC matches any message that contains any of the specified keywords.
Syntactically, these operators are infix operators, that is to say, they are embedded directly in the expression to affect the expression's meaning. The AND, OR, and XOR operators require left and right operands. The NOT operator requires a single right operand.
By default, logical operators are evaluated from left to right.
If an expression has multiple logical operators, it is generally best to use parenthetical nesting to set the order of evaluation. This is described in the Parenthetical-nesting.