Hi Botond, I entirely renovated the idea with another entry. Now the entry doesn't have a new line (\n). But it still doesn't write to the output with raw_event and file_write. In file_write I put the "otro" file.
Do you know what it can be?
<Extension fileop>
    Module xm_fileop
</Extension>

<Input in4>
    Module im_file
    File "/home/antonio/Descargas/sn"
    SavePos TRUE
    Exec if ($raw_event =~ /^\d\d:\d\d:\d\d.(.+)/) { \
             $Message = $1; \
             $raw_event = $Message; \
         }
</Input>

<Input internal>
    Module im_internal
    Exec $raw_event = $Message;
</Input>

<Output out4>
    Module om_file
    File "/home/antonio/Descargas/nx"
</Output>

<Processor evcorr>
    Module pm_evcorr
    <Thresholded>
        exec if $Message =~ /IP (\S{1,}) > \S{1,}:/ $IP=$1;
        Condition $Message =~ /^ICMP echo reply/
        Threshold 3
        Interval 120
        Context $IP
        Exec $raw_event = "3 ECHO REPLY packets from host $IP";
        Exec file_write("/home/antonio/Descargas/otro", "3 ECHO REPLY packets from host $IP");
    </Thresholded>
</Processor>

<Route 4>
    Path in4, internal => evcorr => out4
</Route>
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
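An added example, not part of the original post and not NXLog code: a small Python model for checking offline what the regexes in the posted configuration see after the timestamp is stripped, and whether the threshold rule can fire. It assumes the input file holds tcpdump-style lines (the attachment is not shown on this page), so the sample lines are constructed, and the windowing is a simplified stand-in for pm_evcorr.

```python
import re
from collections import defaultdict, deque

# Regexes copied from the posted configuration.
TS_STRIP = re.compile(r"^\d\d:\d\d:\d\d.(.+)")
IP_RE = re.compile(r"IP (\S{1,}) > \S{1,}:")
CONDITION = re.compile(r"^ICMP echo reply")

THRESHOLD, INTERVAL = 3, 120  # values from the <Thresholded> block


def to_message(raw):
    """Mimic the im_file Exec: keep what follows 'HH:MM:SS' plus one character."""
    m = TS_STRIP.match(raw)
    return m.group(1) if m else raw


def correlate(lines, condition=CONDITION):
    """Simplified model of the Thresholded rule; returns the alert strings."""
    windows = defaultdict(deque)  # one sliding window per Context ($IP)
    alerts = []
    for t, raw in lines:
        msg = to_message(raw)
        ip = IP_RE.search(msg)
        if not ip or not condition.search(msg):
            continue
        w = windows[ip.group(1)]
        w.append(t)
        while w and t - w[0] > INTERVAL:  # drop events older than Interval
            w.popleft()
        if len(w) >= THRESHOLD:
            alerts.append(f"{THRESHOLD} ECHO REPLY packets from host {ip.group(1)}")
            w.clear()
    return alerts


# Constructed sample: (seconds, line) pairs in an assumed tcpdump-like format.
SAMPLE = [
    (i, f"12:00:0{i}.123456 IP 10.0.0.5 > 10.0.0.1: ICMP echo reply, id 1, seq {i}, length 64")
    for i in range(1, 4)
]

if __name__ == "__main__":
    print("message seen by the rule:", to_message(SAMPLE[0][1]))
    print("anchored condition  :", correlate(SAMPLE))
    print("unanchored condition:", correlate(SAMPLE, re.compile(r"ICMP echo reply")))
```

On this constructed input the message handed to the rule begins with the sub-second digits and the `IP` field, so the `^`-anchored Condition never matches, while the same pattern without the anchor reaches the threshold.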