What could be the problem?
Regards,
Antonio.
From: antoniocuest...@hotmail.com
To: b...@nxlog.com; nxlog-ce-users@lists.sourceforge.net
Subject: Threshold evcorr
Date: Fri, 26 Aug 2016 22:37:54 +0200
Hi!
I have a problem. I have this:
######################
#para escribir fuera
<Extension fileop>
Module xm_fileop
</Extension>
<Input in4>
Module im_file
File "/home/antonio/Descargas/sn"
SavePos TRUE
Exec if ($raw_event =~ /^\d\d:\d\d:\d\d.(.+)/) { \
$Message = $1; \
$raw_event = $Message; \
}
</Input>
<Output out4>
Module om_file
File "/home/antonio/Descargas/nx"
</Output>
<Processor evcorr>
Module pm_evcorr
<Thresholded>
exec if $Message =~ /IP (\S{1,}) > \S{1,}:/ $IP=$1;
Condition $Message =~ /ICMP echo reply/
Threshold 150
Interval 120
Context $IP
Exec file_write("/home/antonio/Descargas/otro", "150 ECHO REPLY
packets from host" +$IP +"\n");
</Thresholded>
</Processor>
<Route 4>
Path in4 => evcorr => out4
</Route>
#############
When 200 lines come to the "sn" file with "ICMP echo reply ", in the file
"otro" appear 48 lines , when they should appear only 1 due to Thresholded and
I not know why.
Why can it be?
Thanks!
------------------------------------------------------------------------------
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
