Hi,
I'm a SEC newbie and just banged my head at the following problem for hours:
I was trying to be smart during first time SEC set-up over here, so I
split my config files like
sec-00-main.conf (main settings, some variables)
sec-10-suppress.conf (early suppression of irrelevant stuff)
sec-20-single.conf (early handling of simple, single log entries)
sec-... (more complicated stuff)
So I had some really simple Suppress rules like
type=Suppress
ptype=SubStr
pattern=AF_INET
...and a final catch-all Single rule like
type=Single
ptype=RegExp
pattern=.+
desc=$0
action=write <somewhere> unhandled event "$0" at %t
I ran sec with
# perl sec.pl -conf=sec*.conf -<otherstuff>
The Suppress rules seemed to be fine, but the (temporary, debug) final
catch-all Single rule still wrote out every single message (including
those containing "AF_INET") and I couldn't find out why.
I finally found the sentence "Also, note that even if A.conf [...]"
below "TIMING AND IPC" in the manual. After some more digging I
finally understood that the immediately following example was no
solution to my problem, and about the order of configuration files
instead.
So, to help other newbies like me avoid this kind of problem, please
please pretty please[0] add a hint to the "SUPPRESS RULE" section in
the manual, like:
Note that if you are using multiple configuration files, only the
other rules in the /current/ configuration file are suppressed.
If there are other rules matching similar events in /other/
configuration files, they are executed and possibly create output
anyway.
To suppress those messages too, you have to move or copy your
Suppress rules to these other configuration files.
Because that section is where newbies like me look for documentation
of such unexpected behavior.
[0] That is, of course, assuming I understood the problem correctly
and this is the right^TM solution.
tty,
686f6c6d
------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/blackberry
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
