Skip to main content
McAfee Enterprise MVISION Cloud

Use a diagnostic tool to evaluate Regex terms

To troubleshoot performance issues, you can use the regex-diagnosis tool, which lets you know about how much time was needed to process individual Regex (Regular expression) terms.

The tool is stored in a folder with system files on Secure Web Gateway. The path to it is /opt/mwg/bin. You can run the tool from a system console.

To evaluate Regex terms, you specify two files as parameters of the tool command. One that includes these terms and another that they are compared with to detect matches.

regex-diagnosis tool - Usage

You can use the regex-diagnosis tool to evaluate the processing of Regex (Regular expression) terms regarding the time that is consumed by this processing.

The tool resides in the /opt/mwg/bin system files folder on a Secure Web Gateway appliance.

Usage

/opt/mwg/bin/regex-diagnosis <parameters>

Unless otherwise described, parameters are optional.

One of the files specified here can have — (dash) as its filename. The file is then retrieved from stdin.

Parameter  Description
-m (mwg|boost|stl)

Mode of execution

  • mwg. MWG-internal implementation — Merged scanners
  • boost. boost::regex - single line
  • stl. c++11 std:Regex — single line

Either this parameter or -f must be specified.

Default: mwg.

-f <filename>

com.scur.type.regex.* file from /opt/mwg/storage/ area.

Either this parameter or -m must be specified.

-r <filename> Raw Regex input file.
-d <filename> Text file with string data to match the data in the file specified under- -f <filename> or -r <filename>.
-v Verbose logging.

Evaluate Regex terms with the regex-diagnosis tool

Use the regex-diagnosis tool to evaluate the processing of Regex (Regular expression) terms regarding the time consumed.

In the following sample evaluation, two files with lists of Regex terms are compared with a list in a default file for matches.

The time needed for detecting any matches is provided by the tool. The time is also provided if no match could be detected.

Task

  1. From a system console, connect to the Secure Web Gateway appliances where the files with the Regex terms that you want to evaluate reside.
  2. Run the following command to start the tool.
/opt/mwg/bin/regex-diagnosis -m mwg -f /opt/mwg/storage/subscribed_lists/update_server/
com.scur.type.regex.3216.xml -d -
  1. Review the tool output. It might look as follows.
Regex mode : mwg
Regex filename: /opt/mwg/storage/subscribed_lists/update_server/
com.scur.type.regex.3216.xml
Data filename : -
successfully opened '/opt/mwg/storage/subscribed_lists/update_server/
com.scur.type.regex.3216.xml' with mode: 'r'
https://some.url.not.in.the.list.com
https://some.url.in.the.list.office365.com
#2 data elements in file -
data = https://some.url.not.in.the.list.com, match = false, matching Regex = '', CPU
time used: 0.144074 ms
data = https://some.url.in.the.list.office365.com
NRE: First match='.office365.com'
NRE: Found match='.office365.com'
NRE: Matched regex/glob='*.office365.com'
, match = true, matching Regex = '*.office365.com', CPU time used: 0.193654 ms
Summary: #0 compilation errors, #1 matches, #1 mismatches, #0 exceptions

As a result from evaluating the Regex terms in these files, the following was found:

  • The some.url.not.in.the.list list produced no matches.
    CPU time needed to find this out: 0.144074 ms.
  • The some.url.not.in.the.list.office365 list produced one match: *.office365.com.
    CPU time needed to find this out: 0.193654 ms.
  • Was this article helpful?