Hi all, This is my first attempt at an SA plug-in. It stores a copy of a message in a dated directory when specific rules are hit and then creates a dated directory for each rule that is hit and creates a symlink to the message file allowing you to quickly find messages on a given date hitting a specific rule. It avoids duplicate copies by using the SHA1 digest of the message as the filename.
I've been finding it very useful for developing and testing new rules, so I thought I would make it available to others. It can be downloaded from: http://www.fsl.com/support/SaveHits.pm http://www.fsl.com/support/SaveHits.cf Any comments and improvements are welcome. Kind regards, Steve.
