Excellent points, all. I've decided to combine the two approaches.
However, I'm stuck.
As you can see below, I'm loading the hashes on startup, and the second rule
doesn't run. :( If I remove the context from the second rule, it runs fine.
I don't think context =($perl_hash{$2}) is a valid context or check. If
that is the case, how do I dump the hash to create contexts?
On Tue, Oct 18, 2011 at 3:48 PM, John P. Rouillard <rou...@cs.umb.edu>
wrote:
> I think adding a
>
> context = system_name_$2
>
> or
>
> context =($perl_hash{$2})
>
> to your rules will fix that nicely. If the contexts/hash entry aren't
> defined the rules don't fire.
testing.sec
=========
type=Single
desc=Load hashes at startup
ptype=SubStr
continue=TakeNext
pattern=SEC_RESTART
context=SEC_INTERNAL_EVENT
action=eval %a ( undef %hash; \
open(FILE, "</etc/sec/friendlynames.txt"); \
while (<FILE>) { chomp; my ($key, $val) = split /=/; $hash{"$key"} =
$val; }); \
eval %a (my $line; foreach (keys %hash) { $line .= "$_ = $hash{$_}\n";
}; chomp($line); return $line);
type=Single
desc=WTF doesn't this work?!
ptype=SubStr
pattern=SEC_RESTART
context=($hash{"GigabitEthernet1/37"})
action=logonly Holy Guacamole! It worked!
tail -f /var/log/sec/
=============
Wed Oct 19 13:36:16 2011: Reading configuration from /etc/sec/testing.sec
Wed Oct 19 13:36:16 2011: 4 rules loaded from /etc/sec/testing.sec
Wed Oct 19 13:36:16 2011: Creating SEC internal context 'SEC_INTERNAL_EVENT'
Wed Oct 19 13:36:16 2011: Creating SEC internal event 'SEC_RESTART'
Wed Oct 19 13:36:16 2011: Evaluating code 'undef %hash; open(FILE,
"</etc/sec/friendlynames.txt"); while (<FILE>) { chomp; my ($key, $val)
= split /=/; $hash{"$key"} = $val; }' and setting variable '%a'
Wed Oct 19 13:36:16 2011: Variable '%a' set to ''
Wed Oct 19 13:36:16 2011: Evaluating code 'my $line; foreach (keys %hash) {
$line .= "$_ = $hash{$_}\n"; }; chomp($line); return $line' and setting
variable '%a'
Wed Oct 19 13:36:16 2011: Variable '%a' set to 'GigabitEthernet3/16 =
IMPORTANT SERVER
GigabitEthernet1/37 = TEST SERVER'
Wed Oct 19 13:36:16 2011: Deleting SEC internal context 'SEC_INTERNAL_EVENT'
Justin J. Novack
Official Disturber of the Peace
------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Ciosco Self-Assessment and learn
about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
