diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp
index 710470e..47c02d6 100644
--- a/src/entry/Maat_rule.cpp
+++ b/src/entry/Maat_rule.cpp
@@ -2468,7 +2468,8 @@ void update_group_rule(struct Maat_table_desc* table,const char* table_line,stru
 											&(db_group_rule.compile_id),
 											&(db_group_rule.is_valid),
 											&(db_group_rule.not_flag));
-	if(ret!=3&&ret!=4)
+	if((ret!=3&&ret!=4) || 
+		(db_group_rule.not_flag!=0&&db_group_rule.not_flag!=1))
 	{
 		MESA_handle_runtime_log(logger,RLOG_LV_INFO,maat_module ,
 							"update error,invalid format of group table %s:%s",
diff --git a/src/entry/Maat_stat.cpp b/src/entry/Maat_stat.cpp
index 6d03803..771de2e 100644
--- a/src/entry/Maat_stat.cpp
+++ b/src/entry/Maat_stat.cpp
@@ -8,7 +8,8 @@ enum MAAT_FS_STATUS{
 	STATUS_TABLE_NUM,
 	STATUS_PLUGIN_CACHE_NUM,
 	STATUS_PLUGIN_ACC_NUM,
-	STATUS_GROUP_RULE_NUM,
+	STATUS_GROUP_REF_NUM,
+	STATUS_GROUP_REF_NOT_NUM,
 	STATUS_COMPILE_RULE_NUM,
 	STATUS_POSTPONE_QSIZE,
 	STATUS_OUTER_MID_NUM,
@@ -61,7 +62,8 @@ void maat_stat_init(struct _Maat_feather_t* feather)
 	feather->fs_status_id[STATUS_PLUGIN_CACHE_NUM]=FS_register(feather->stat_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,"plug_cache");
 	feather->fs_status_id[STATUS_PLUGIN_ACC_NUM]=FS_register(feather->stat_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,"plug_acc");
 
-	feather->fs_status_id[STATUS_GROUP_RULE_NUM]=FS_register(feather->stat_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,"grp_num");
+	feather->fs_status_id[STATUS_GROUP_REF_NUM]=FS_register(feather->stat_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,"grp_num");
+	feather->fs_status_id[STATUS_GROUP_REF_NOT_NUM]=FS_register(feather->stat_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,"not_grp");
 	feather->fs_status_id[STATUS_COMPILE_RULE_NUM]=FS_register(feather->stat_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,"compile_num");
 
 	feather->fs_status_id[STATUS_POSTPONE_QSIZE]=FS_register(feather->stat_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,"postponed");
@@ -168,7 +170,7 @@ void maat_stat_output(struct _Maat_feather_t* feather)
 	long long outer_mid_cnt=0,inner_mid_cnt=0;
 	long long orphan_group_saving=0, last_region_saving=0;
 	long long total_update_error=0,total_iconv_error=0;
-	long long compile_rule_num=0,group_rule_num=0,plugin_cache_num=0,plugin_acc_num=0;
+	long long compile_rule_num=0, group_rule_num=0, not_group_rule_num=0, plugin_cache_num=0, plugin_acc_num=0;
 	int i=0;
 	time_t now;
 	struct Maat_table_desc* p_table=NULL;
@@ -221,6 +223,7 @@ void maat_stat_output(struct _Maat_feather_t* feather)
 				break;
 			case TABLE_TYPE_GROUP:
 				group_rule_num+=table_rt->origin_rule_num;
+				not_group_rule_num+=table_rt->group.not_flag_group;
 				break;
 			case TABLE_TYPE_COMPILE:
 				compile_rule_num+=table_rt->origin_rule_num;
@@ -357,7 +360,8 @@ void maat_stat_output(struct _Maat_feather_t* feather)
 
 	FS_operate(feather->stat_handle, feather->fs_status_id[STATUS_PLUGIN_CACHE_NUM], 0,FS_OP_SET,plugin_cache_num);
 	FS_operate(feather->stat_handle, feather->fs_status_id[STATUS_PLUGIN_ACC_NUM], 0,FS_OP_SET,plugin_acc_num);
-	FS_operate(feather->stat_handle, feather->fs_status_id[STATUS_GROUP_RULE_NUM], 0,FS_OP_SET,group_rule_num);
+	FS_operate(feather->stat_handle, feather->fs_status_id[STATUS_GROUP_REF_NUM], 0,FS_OP_SET,group_rule_num);
+	FS_operate(feather->stat_handle, feather->fs_status_id[STATUS_GROUP_REF_NOT_NUM], 0,FS_OP_SET,not_group_rule_num);
 	FS_operate(feather->stat_handle, feather->fs_status_id[STATUS_COMPILE_RULE_NUM], 0,FS_OP_SET,compile_rule_num);
 
 	FS_operate(feather->stat_handle, feather->fs_status_id[STATUS_POSTPONE_QSIZE], 0,FS_OP_SET,feather->postpone_q_size);
diff --git a/src/entry/json2iris.cpp b/src/entry/json2iris.cpp
index a81994e..16ba6b4 100644
--- a/src/entry/json2iris.cpp
+++ b/src/entry/json2iris.cpp
@@ -770,7 +770,7 @@ int write_compile_rule(cJSON *compile,struct iris_description_t *p_iris,void * l
 	set_file_rulenum(table_info->table_path,table_info->line_count,logger);
 	return compile_id;
 }
-int write_group_rule(int compile_id ,int group_id,struct iris_description_t *p_iris,void * logger)
+int write_group_rule(int compile_id ,int group_id, int group_not_flag, struct iris_description_t *p_iris,void * logger)
 {
 	FILE*fp=NULL;
 	int ret=0;
@@ -790,7 +790,7 @@ int write_group_rule(int compile_id ,int group_id,struct iris_description_t *p_i
 										"fopen %s error %s.",p_iris->group_table->table_path,strerror(errno));
 		return -1;
 	}
-	fprintf(fp,"%d\t%d\t1\n",group_id,compile_id);
+	fprintf(fp,"%d\t%d\t1\t%d\n",group_id, compile_id, group_not_flag);
 	fclose(fp);
 	p_iris->group_table->line_count++;
 	ret=set_file_rulenum(p_iris->group_table->table_path,p_iris->group_table->line_count,logger);
@@ -821,6 +821,7 @@ int write_iris(cJSON *json,struct iris_description_t *p_iris,void* logger)
 	int i=0,j=0,k=0;
 	int compile_id=-1,compile_cnt=0,group_cnt=0,region_cnt=0,plug_table_cnt=0;
 	int ret=0;
+	int group_not_flag=0;
 	cJSON *c_rules=NULL,*g_rules=NULL,*r_rules=NULL,*item=NULL,*plug_tables=NULL;
 	cJSON *compile_rule=NULL,*group_rule=NULL,*region_rule=NULL,*each_plug_table=NULL;
 	const char* group_name=NULL;
@@ -878,6 +879,15 @@ int write_iris(cJSON *json,struct iris_description_t *p_iris,void* logger)
 		for(j=0;j<group_cnt;j++)
 		{
 			group_rule=cJSON_GetArrayItem(g_rules,j);
+			item=cJSON_GetObjectItem(group_rule,"not_flag");
+			if(item==NULL||item->type!=cJSON_Number)
+			{
+				group_not_flag=0;
+			}
+			else
+			{
+				group_not_flag=item->valueint;
+			}
 			item=cJSON_GetObjectItem(group_rule,"group_name");
 			if(item==NULL||item->type!=cJSON_String)
 			{
@@ -890,7 +900,7 @@ int write_iris(cJSON *json,struct iris_description_t *p_iris,void* logger)
 			group_info=(struct group_info_t*)MESA_htable_search(p_iris->group_name_map, (const unsigned char*)group_name, strlen(group_name));
 			if(group_info!=NULL)//exist group name ,region already read
 			{
-				ret=write_group_rule(compile_id, group_info->group_id, p_iris,  logger);
+				ret=write_group_rule(compile_id, group_info->group_id, group_not_flag, p_iris,  logger);
 				if(ret<0)
 				{
 					MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,
@@ -942,7 +952,7 @@ int write_iris(cJSON *json,struct iris_description_t *p_iris,void* logger)
 					return -1;
 				}
 			}
-			ret=write_group_rule(compile_id, group_info->group_id, p_iris,  logger);
+			ret=write_group_rule(compile_id, group_info->group_id, group_not_flag, p_iris,  logger);
 			if(ret<0)
 			{
 				MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,
diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp
index 6d516eb..2012686 100644
--- a/test/test_maatframe.cpp
+++ b/test/test_maatframe.cpp
@@ -289,6 +289,35 @@ TEST(IPScan, IPv6)
 	Maat_clean_status(&mid);
 	return;
 }
+TEST(Boolmatcher, NotFlagGroup)
+{
+	const char* string_should_hit="This string ONLY contains must-contained-string-11111.";
+	const char* string_should_not_hit="This string contains both must-contained-string-11111 and must-not-contained-string-22222.";
+
+	int ret=0;
+	int table_id=0;
+	struct Maat_rule_t result[4];
+	int found_pos[4];
+	const char* table_name="HTTP_URL";
+	scan_status_t mid=NULL;
+	table_id=Maat_table_register(g_feather,table_name);
+	ASSERT_GT(table_id, 0);
+	
+	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, string_should_hit, strlen(string_should_hit), 
+						result,found_pos, 4, &mid, 0);
+						
+	EXPECT_GE(ret, 1);
+	Maat_clean_status(&mid);
+
+	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, string_should_not_hit, strlen(string_should_not_hit), 
+						result,found_pos, 4, &mid, 0);
+						
+	EXPECT_EQ(ret, -2);
+	Maat_clean_status(&mid);
+
+
+}
+
 TEST(Helper, ReadColumn)
 {
 	const char* ip="192.168.0.1";