| Pattern | Highlight Color | Purpose |
|---------|----------------|---------|
| \b(curl|wget|nc|ncat|bash -i|sh -i)\b | 🔴 Red + Bold | Reverse shell / downloader |
| (failed|denied|invalid|unauthorized) | 🟡 Yellow | Auth failures |
| (root|admin|sudo|su) followed by (accepted|logged) | 🟢 Green + Bold | Privileged access success |
| (SELECT.*FROM|DROP TABLE|INSERT INTO) | 🟣 Magenta | SQL injection in logs |
| (\.\./|\%2e\%2e/) | 🔵 Cyan | Path traversal attempt |
| (passwd|shadow|\.ssh|\.bashrc) | 🟠Orange | Sensitive file access |
| (\d1,3\.)3\d1,3 | 🟡 Dim yellow | IP addresses (less intrusive) |
| (chmod 777|chmod 666) | 🔴 Red + Underline | Dangerous permissions |
One size rarely fits all. Create multiple highlight sets and toggle them based on your task. xshell highlight sets
| Highlight Set Name | Use Case | Typical Rules |
|-------------------|----------|----------------|
| Web Dev | Nginx/Apache logs | Status codes, SQL queries, PHP errors |
| Security Admin | Auth logs, firewall logs | Failed logins, port scans, sudo commands |
| Database Admin | MySQL/PostgreSQL | Slow queries, deadlocks, replication errors |
| Kubernetes | kubectl get pods | CrashLoopBackOff, Pending, ImagePullBackOff |
| Network Engineer | Cisco/Juniper configs | Interface up/down, BGP neighbor changes | | Pattern | Highlight Color | Purpose |
This is by design. Xshell applies highlighting during rendering. If you scroll back, the highlights remain unless the terminal buffer is cleared. To permanently capture highlighted text, use File > Log > Start to log the session to a file. Xshell applies highlighting during rendering
A Highlight Set is a collection of rules that define how specific text strings appear on the terminal screen. Instead of reading through lines of monochrome text, users can configure Xshell to automatically color-code output based on keywords and regular expressions.
Catch critical failures immediately.
To save you time, here are three ready-to-import highlight set configurations.