[Simple-evcorr-users] Defining a Map for Data

2011-10-18 Thread Justin J. Novack
GigabitEthernet4/40, IMPORTANT SERVER 3 Thank you kindly, -- Justin J. Novack Official Disturber of the Peace

Re: [Simple-evcorr-users] Defining a Map for Data

2011-10-18 Thread Justin J. Novack
) and just deal with adding a line (for each friendly named port) and recompiling the rules file every time I want to change. Thoughts? -- Justin J. Novack Official Disturber of the Peace On Tue, Oct 18, 2011 at 1:52 PM, John P. Rouillard rou...@cs.umb.edu wrote: In message CAB3_BpPsYVc+OKX5oio03tuSy

Re: [Simple-evcorr-users] How to force SEC not to process a file from start when it is being edited.

2011-10-19 Thread Justin J. Novack
File-system wise, on save, the file is created from 0 bytes and repopulated, so SEC might not know that it was a user-edit. This could happen with nano (pico), try a more powerful editor like vim (or emacs). -- Justin J. Novack Official Disturber of the Peace On Wed, Oct 19, 2011 at 6:55 AM

Re: [Simple-evcorr-users] Defining a Map for Data

2011-10-19 Thread Justin J. Novack
: Deleting SEC internal context 'SEC_INTERNAL_EVENT' Justin J. Novack Official Disturber of the Peace

Re: [Simple-evcorr-users] Defining a Map for Data

2011-10-19 Thread Justin J. Novack
Sorry for the double post, I wanted to post an intermediate solution: The correct context line for the second rule would be: context= =(if (exists $hash{GigabitEthernet1/37}) { return 1;} ) This should be the last stumbling block... -- Justin J. Novack Official Disturber of the Peace

Re: [Simple-evcorr-users] Defining a Map for Data - SOLVED

2011-10-19 Thread Justin J. Novack
what you want with %host as normal. (P.S. - David, since a reload will reload the hashes, does that count as completing the extra credit? Do contexts persist a 'kill $PID -HUP'?) --- Justin J. Novack Official Disturber of the Peace

Re: [Simple-evcorr-users] Regular Expression Patterns

2011-10-24 Thread Justin J. Novack
The regex to match a blank line would be ^$ -- Justin J. Novack Official Disturber of the Peace On Sun, Oct 23, 2011 at 11:44 AM, Luis David Leija dle...@gmail.com wrote: -- L David Leija

Re: [Simple-evcorr-users] Defining a Map for Data - SOLVED

2011-10-24 Thread Justin J. Novack
always roll-your-own SIG handler. :) --- Justin J. Novack Official Disturber of the Peace On Wed, Oct 19, 2011 at 3:37 PM, da...@lang.hm wrote: I am thinking that they are lost on a -HUP because the -HUP recompiles the rules. I am thinking that you need something along the lines of type

Re: [Simple-evcorr-users] counting your losses

2011-11-10 Thread Justin J. Novack
the event came in. If you include your DHCP sec.cfg, we might be better able to help. -- Justin J. Novack Official Disturber of the Peace On Wed, Nov 9, 2011 at 10:25 PM, Tim Peiffer peif...@umn.edu wrote: I am trying to instrument sections on our network where various protocol chat dialog