I am trying to write a message definition for a log message that starts with the following string:
"The Windows Filtering Platform has permitted a connection. Application Information:"
When I try to match it against
"<event_description>. Application Information:" it will not match, but with the definition
"<event_description> Application Information:" it does match. Does a dot character (".") get some special treatment in enVision/SA parsers? I was under the impression that it does not, but clearly something is wrong here. I would not like to include the dots in the stored value if that can be avoided.
I am using ESI to test for matches.