Risto:
You (and sec) really are a treasure. Thanks for all you do. I don't
currently have the issue that Mugugno mentions, but I might in the
future. Your explanation below is excellent.
Eric
On 3/14/2023 11:52 AM, Risto Vaarandi wrote:
hi Mugugno,
thanks for clarifying your scenario!
[Oops, I meant to send this to the list. Stuart reports that it fixed
his problem.]
On 5/8/2016 9:47 AM, Stuart Kendrick wrote:
> Anyone willing to share their system unit file?
Mine looks similar, except I run with --nodetach, while you have --detach.
Eric.
I run multiple copies of sec in order to independently monitor multiple
log files. I'm moving to Fedora 20, and I'd like to run sec from systemd
instead of using init.d shell scripts.
Fedora (and all other distros I've seen) provide a sample sec.service
file that just runs a single instance of
On 06/04/2013 08:37 AM, termo meter wrote:
Dear All,
I have a question on how SEC does pattern matching.
For example, I have the below logs from my firewall:
5-23-2013 4:10:03 PM UDP Traffic Received from 10.1.1.1:
163May 23 2011 15:59:45: %ASA-3-10614: Deny inbound icmp src
To: simple-evcorr-users@lists.sourceforge.net, Eric V. Smith
e...@trueblade.com
Date: Tuesday, 4 June, 2013, 6:42 AM
Hi Eric,
Thank you,
I edited the pattern a bit, like this:
Deny\s\S+ icmp\s\S+ outside:10\.10\.0\.63
it works
--- On *Tue, 4/6/13
Sorry for the late reply.
When I originally mentioned amqp it was to support the idea that a
persistent connection to a single process would solve most use cases.
And further, there's no need to build in to sec any sort of load
balancing across multiple instances of such connections. Instead, the
Even if it were possible to delete say 100 bytes from the front of the
file, how would SEC know that it needed to skip back 100 bytes to keep
its concept of the current location in the file? Imagine a scenario
with multiple writes to the end of the file, some of which SEC has
processed, but some