i have an event that looks like this
03/01/2012 03:05:43 PM
Object Server: Security Handle ID: 940 Process ID: 1288 Image File Name: C:\Program Files\ISS\Proventia Server\phService.exe
I want these messages to be dropped if both type=success audit AND CategoryString=Object Access, however when i create the regex to do this which i think is supposed to be
(?m)(?=.*Type=Success Audit)(?=.*CategoryString=Object Access)
it doesn't seem to work. What am I doing wrong?