Troy,
You need to add it to the route:
Path in1 => evcorr => fileout1
HTH,
Botond
On Tue, 4 Nov 2014 17:16:28 -0500
Troy Sorzano <troysorz...@gmail.com> wrote:
> I am attempting to use the evcorr module. But when I restart the nxlog
> service I see this
> WARNING not starting unused module evcorr
> INFO nxlog-ce-2.8.1248 started
> in nxlog.log
>
> I have this in my nxlog.conf. But the correlation does not work. Any idea
> why the module evorr does not start?
>
> <Input in1>
>
> Module im_udp
>
> Host 1.1.1.1
>
> Port 514
>
> exec if $raw_event =~ /test alert/ \
>
> { \
>
> $alertIP = $MessageSourceIP; \
>
> $Action = 'alert' ; \
>
> }
>
> Exec parse_syslog_bsd();
>
> </Input>
>
>
> <Processor evcorr>
>
> Module pm_evcorr
>
> <Thresholded>
>
> Condition defined $Action and $Action == 'alert'
>
> Context $alertIP
>
> Threshold 3
>
> Interval 10
>
> exec log_info("***ALERT for IP: " + $alertIP);
>
> </Thresholded>
>
> </Processor>
>
> <Output fileout1>
>
> Module om_file
>
> Exec $Hostname = $MessageSourceAddress;
>
> Exec $outfile = "/var/log/nxlog/logTEMP.txt";
>
> File $outfile
>
> Exec to_syslog_bsd();
>
> </Output>
>
> <Route 1>
>
> Path in1 => fileout1
>
> </Route>
>
>
>
> Thanks,
>
>
> Troy
------------------------------------------------------------------------------
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
