Matching patterns with regular expressions

Use regular expressions to search traffic for complex data patterns.

The Guardium implementation of regular expressions conforms with PCRE, which differs from the UNIX implementation of regular expressions. Regular expressions are allowed in any field that is followed by the regular expression button.
Restriction: Guardium does not support regular expressions for non-Latin character sets.
However, if your database uses UTF-8 encoding for Unicode, you can use the \xnn pattern to extend regex patterns in Unicode data, for example, to scrub data written in non-Latin character sets. Technically, you can now scrub any data that you can represent with \xnn byte patterns. However, there are some limitations, as follows:
  • Each database has its own encoding scheme. You need to know which Unicode encoding your database uses.
  • The replacement character in scrub might not appear the same as defined in the scrub pattern, especially with 2-byte encoding schemes.
  • To limit the scrub, specify the length of the data to scrub as a prefix. Otherwise, you might override the query metadata, which can lead to a failure or crash.
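
The following added example (not part of the Guardium documentation or product code) derives the \xnn byte pattern for a non-Latin string and shows the first two limitations on constructed data. It assumes Python's re module as a stand-in for PCRE (\xnn byte escapes behave the same way in both) and a byte-for-byte replacement; the names to_xnn_pattern and scrub are hypothetical helpers, not Guardium functions.

```python
import re


def to_xnn_pattern(text: str, encoding: str = "utf-8") -> str:
    """Return the \\xnn byte pattern for `text` in the given database encoding."""
    return "".join(f"\\x{b:02x}" for b in text.encode(encoding))


def scrub(payload: bytes, xnn_pattern: str, fill: bytes = b"*") -> bytes:
    """Overwrite every matched byte with `fill`, so the payload length is unchanged.

    Assumption: byte-for-byte replacement, chosen for illustration only.
    """
    rx = re.compile(xnn_pattern.encode("ascii"))
    return rx.sub(lambda m: fill * len(m.group(0)), payload)


# Constructed sample: the surname "Ivanov" written in Cyrillic, inside a SQL statement.
NAME = "\u0418\u0432\u0430\u043d\u043e\u0432"
SQL = f"SELECT * FROM clients WHERE surname = '{NAME}'"

# Pattern built for a UTF-8 database: two bytes per Cyrillic letter.
PATTERN = to_xnn_pattern(NAME, "utf-8")


def demo():
    """Run the UTF-8 pattern against UTF-8 and UTF-16 copies of the same text."""
    as_utf8 = SQL.encode("utf-8")
    as_utf16 = SQL.encode("utf-16-le")
    return {
        "pattern": PATTERN,
        # Matches: 6 characters are replaced by 12 fill bytes.
        "utf8_scrubbed": scrub(as_utf8, PATTERN),
        # Wrong encoding: the byte sequence differs, so nothing is scrubbed.
        "utf16_untouched": scrub(as_utf16, PATTERN) == as_utf16,
        # Pattern the same text would need in a UTF-16LE database.
        "utf16_pattern": to_xnn_pattern(NAME, "utf-16-le"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The six-letter surname is replaced by twelve fill characters because each letter occupies two bytes in UTF-8, and the same pattern leaves a UTF-16 copy of the statement unscrubbed.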
Tip: You can also use regular expressions with the following criteria by typing the special value guardium://regexp/(regular expression) in the value field: Database user, Application user, Source application, Field name, Object, Application event values text.
Notes:
  • If a complex regex statement fails (for example, a statement that uses recursive stack matching up to the maximum depth of the stack), criteria matching stops and the error is logged to the snif log. However, at most one error is logged every 30 minutes (not one for each failed statement).
  • Redact policies that use regular expressions can only scrub null-terminated data types.

For more information about using regular expressions, see Regular Expressions. For more information about troubleshooting with REDACT and regex, see REDACT function causes overly masked result and REDACT - Working with regex on Windows DB servers.