This topic explains how to use the Services Config view > Files tab to configure a custom parser that a Decoder uses to generate metadata by scanning for pre-defined keywords and regular expressions.
One of the files available for editing in the Services Config view > Files tab is search.ini, the search parser.
The Search Parser is a custom parser used to generate metadata by scanning for pre‐defined keywords and regular expressions. The parser searches the payload of a reconstructed session for string matches and can execute a regular expression search. You can configure the parser by editing the search.ini file.
The search definition is used across all protocols. There are three basic search methods:
- Keyword: Search a stream for a specific set of words.
- Pattern: Search a stream for a regular expression match.
- Keyword + Pattern: Search a stream for a regular expression if it contains any of a given set of keywords.
For a detailed explanation, see Search Parser in the search.ini Search String Syntax.
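The following Python sketch is an added example, not the Decoder's code and not search.ini syntax. It models the three search methods over constructed payloads to show how the keyword gate in Keyword + Pattern keeps the regular expression from running on sessions that contain none of the keywords. The definition names, the dictionary layout, and case-insensitive keyword matching are assumptions.

```python
import re

# Constructed search definitions (hypothetical names and layout, not search.ini syntax).
SEARCHES = [
    # Keyword only
    {"name": "kw_confidential", "keywords": [b"confidential", b"internal only"]},
    # Pattern only
    {"name": "re_ssn", "pattern": rb"\b\d{3}-\d{2}-\d{4}\b"},
    # Keyword + Pattern: the regex runs only if a keyword is present
    {"name": "kw_re_card", "keywords": [b"visa", b"card number"],
     "pattern": rb"\b4\d{3}(?:[ -]?\d{4}){3}\b"},
]


def scan_payload(payload, searches=SEARCHES):
    """Return (search name, matched text) metadata pairs for one session payload."""
    meta = []
    lowered = payload.lower()  # assumption: keywords match case-insensitively
    for s in searches:
        keywords = s.get("keywords", [])
        pattern = s.get("pattern")
        hits = [k for k in keywords if k in lowered]
        if keywords and not hits:
            continue  # keyword gate failed: the regex is never evaluated
        if pattern is None:
            # Keyword method: each keyword found becomes a metadata value
            meta += [(s["name"], k.decode()) for k in hits]
        else:
            # Pattern method, or Keyword + Pattern after the gate passed
            meta += [(s["name"], m.group().decode())
                     for m in re.finditer(pattern, payload)]
    return meta


# Constructed payloads standing in for reconstructed session data.
SESSION_A = b"Subject: CONFIDENTIAL\r\nEmployee SSN 078-05-1120 on file."
SESSION_B = b"order ref 4111 1111 1111 1111 shipped"       # digits, but no keyword
SESSION_C = b"Card number: 4111 1111 1111 1111 exp 12/30"  # keyword and digits

if __name__ == "__main__":
    for label, data in (("A", SESSION_A), ("B", SESSION_B), ("C", SESSION_C)):
        print(label, scan_payload(data))
```

SESSION_B and SESSION_C carry the same digit string, but only SESSION_C produces metadata, because the gated definition requires one of its keywords before the pattern is tried.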