Hello there,

The following rule doesn't seem to be read according to /tmp/sec.dump:

type = Single
desc = context $1 $2
ptype = PerlFunc
pattern = sub { if ($_[0] =~ /^(\S+) \S+ (\S+)/) { return ($1, $2, $_[1]); }
return 0; }
context = !good_ip_$1 && (bad_ip_$1 || bad_string_$2)
action = shellcmd ./notify.ksh "%t|$3|$2|$1|$0"

I populate all the good_ip_xxx, bad_ip_xxx, bad_string_xxx contexts at the
beginning, but this rule doesn't seem to work when I try and test it. When
I remove the parentheses from the 'context' line it somewhat works, but
doesn't behave the way I intend it to. Any thoughts?

~Jon~
_______________________________________________
Simple-evcorr-users mailing list
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users