Hello,
I'm trying to do something simple and I must be missing something
obvious.
I have a log message of the form 'blah A blah B'. There could be
duplicates of the exact same message that I want to ignore but if
another message comes in with not A but B within a time period I want to
do an
In message 1285950348.25147.9.ca...@kittyhawk.ittns.northwestern.edu,
Mike Rykowski writes:
What I want to do is ignore subsequent messages if the mac and network
are the same. But if a subsequent message has the same network but
different mac then send email.
Ahh, so I have the wrong problem
So you would like to react on the *second* DHCPDISCOVER event, where the
network is the same as for the previous event, but MAC is different?
If that's the case, here are the rulesets for sample A and B events.
The first solution employs one Pair rule. Since regular expressions are
identical
Big thank you to both you and Risto, it is working.
On Fri, 2010-10-01 at 12:47 -0400, John P. Rouillard wrote:
type = pair
desc = match starting line and extract elements
ptype = regexp
pattern = dhcpd: DHCPDISCOVER from \S+ via \S+ network (\S+) no free leases
context = !
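
The correlation discussed in this thread, modelled in Python as an added example (it is not SEC rule syntax and not code from any poster): repeats of the same MAC on a network are ignored, and a different MAC on the same network inside the window produces one alert. The 60-second window, the capture of the MAC in the pattern, the ISO timestamp prefix and all sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Same shape as the pattern quoted in the thread, with the MAC captured too
# (assumption: the quoted pattern only captures the network).
DISCOVER = re.compile(
    r"dhcpd: DHCPDISCOVER from (\S+) via \S+ network (\S+) no free leases")

def correlate(lines, window_seconds=60):
    """Return (time, network, first_mac, new_mac) for each new MAC seen on a
    network while that network's correlation window is still open."""
    window = timedelta(seconds=window_seconds)
    state = {}    # network -> {"start": datetime, "first": mac, "seen": set}
    alerts = []
    for line in lines:
        m = DISCOVER.search(line)
        if m is None:
            continue
        mac, network = m.group(1).lower(), m.group(2)
        ts = datetime.fromisoformat(line.split(" ", 1)[0])
        entry = state.get(network)
        if entry is None or ts - entry["start"] > window:
            # First event for this network, or the old window expired:
            # open a new window and stay quiet.
            state[network] = {"start": ts, "first": mac, "seen": {mac}}
            continue
        if mac in entry["seen"]:
            continue              # duplicate of a MAC already handled
        entry["seen"].add(mac)    # alert once per new MAC per window
        alerts.append((ts.isoformat(), network, entry["first"], mac))
    return alerts

# Constructed sample input (not real log data).
_FMT = ("2010-10-01T{} gw dhcpd: DHCPDISCOVER from {} via {} "
        "network {} no free leases")
SAMPLE = [
    _FMT.format("12:00:00", "00:11:22:33:44:55", "eth0", "10.1.2.0/24"),
    _FMT.format("12:00:05", "00:11:22:33:44:55", "eth0", "10.1.2.0/24"),
    _FMT.format("12:00:20", "66:77:88:99:aa:bb", "eth0", "10.1.2.0/24"),
    _FMT.format("12:00:25", "66:77:88:99:aa:bb", "eth0", "10.1.2.0/24"),
    _FMT.format("12:00:30", "de:ad:be:ef:00:01", "eth1", "10.9.9.0/24"),
    _FMT.format("12:05:00", "de:ad:be:ef:00:02", "eth1", "10.9.9.0/24"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print("ALERT", *alert)
```

The last sample line raises no alert with the default window because the earlier event for that network is more than 60 seconds old, so it only opens a new window.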