Another thing to note is that the 'desc' parameter contains $1, which equals the OID of the trap. This means that the action will be executed only if 5 traps with the *same* OID come in within 60 seconds. (If OIDs are different, the action will not fire.)

BR,
risto

On 05/21/2010 12:56 PM, Bufalo wrote:
> Hi,
>
> I just want to integrate a SingleWithThreshold rule that works like this:
>
> I receive a trap to /var/log/snmptt/snmpttunknown.log. The first trap's
> line in the log contains this:
>
> Fri May 21 11:44:16 2010: Unknown trap (OID) received from 10.15.112.38 at:
>
> where OID is a variable large number. Then I call this rule:
>
>
> #Don't show alert until it repeats 5 times in 1 minute
> type=SingleWithThreshold
> ptype=RegExp
> pattern=Unknown trap (\S+)
> desc=Mensaje de $1
> action=shellcmd /home/javier/msg.sh --> this script is: #!/bin/sh
> (next line) echo umbral superado >> traps.log
> window=60
> thresh=5
>
> in this way:
>
> perl sec.pl -conf=my2.conf
> -syslog=/var/log/snmptt/snmptthandler.debug
>
> But it doesn't write anything in traps.log. So, does anyone know what I am
> surely doing wrong?
>
> thanks
>
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
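
Added example (not part of the original thread and not SEC's own code): a simplified Python model of the point made in the reply, that the threshold is counted per expanded 'desc' string. It goes one step beyond the thread by also running the same traps with a constant desc; the function names, the OIDs and the "Unknown trap burst" string are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

PATTERN = re.compile(r"Unknown trap (\S+)")  # pattern= from the rule
WINDOW, THRESH = 60, 5                       # window= and thresh= from the rule
EPOCH = datetime(1970, 1, 1)

def correlate(lines, desc_template="Mensaje de $1"):
    """Return the expanded desc strings whose counter reached THRESH.

    Simplified model (assumption): one counter per expanded desc string,
    sliding WINDOW-second window, at most one firing per window.
    """
    hits = defaultdict(list)   # desc -> match times still inside the window
    quiet_until = {}           # desc -> matches before this time are ignored
    fired = []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        when = datetime.strptime(line[:24], "%a %b %d %H:%M:%S %Y")
        ts = (when - EPOCH).total_seconds()
        desc = desc_template.replace("$1", m.group(1))
        if ts < quiet_until.get(desc, 0):
            continue
        times = hits[desc]
        times.append(ts)
        while ts - times[0] >= WINDOW:   # slide the window forward
            times.pop(0)
        if len(times) >= THRESH:
            fired.append(desc)
            quiet_until[desc] = times[0] + WINDOW
            times.clear()
    return fired

def trap(sec, oid):
    # Constructed sample line in the format quoted in the thread.
    return (f"Fri May 21 11:44:{sec:02d} 2010: Unknown trap ({oid}) "
            "received from 10.15.112.38 at:")

# Constructed OIDs, not taken from the thread.
SAME = [trap(16 + 4 * i, ".1.3.6.1.4.1.99999.1") for i in range(5)]
MIXED = [trap(16 + 4 * i, f".1.3.6.1.4.1.99999.{i}") for i in range(5)]

if __name__ == "__main__":
    print(correlate(SAME))                         # same OID five times
    print(correlate(MIXED))                        # five different OIDs
    print(correlate(MIXED, "Unknown trap burst"))  # constant desc
```

Five traps with one OID reach the threshold, five traps with five different OIDs do not, and the same five traps do once the desc string no longer contains $1.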