Well, you were right on your Regex. I changed the way the logom works instead of updates, I did cat. Also, when in production, this will actually use a command. So it's all good. Also, it worked with the variable when i used /(?!9[0-4].*/ so that says expect any number that isn't 90-94. So now i can take that variable and put it in the alarm message to show what the value is that caused the breach. Thanks for the help!