In message <000301cb0e2e$7a76c680$6f6453...@com>,
"Carlos Barrios Vicente" writes:
>I have a rule in sec that creates context with a part of the pattern in the
>name of the context. I use this expression:
>
>action= create arrancado_$1
>
>I want to delete all de contexts of this rule once a day.
Note that you can set a lifetime on a context so it will delete
itself. It is a relative lifetime though, so you can't say "delete
this context at a specific time". I'm not sure if that works around
your problem but I just thought I'd mention it.
>I need something like
>
>Action= delete * (or arrancado_*)
The way I would do it is to add a control channel that lets me
manipulate contexts by commands to an external file.
sec -input /var/lib/sec/CONTROL=CONTROL ...
Sets up a new input file that will have the context name CONTROL
created when data is read from it. You should use normal
chmod/chown/chgrp commands to make sure that only the running SEC
process and other trusted sources can write to /var/lib/sec/CONTROL.
Then add the rule:
type=single
continue=dontcont
ptype=regexp
pattern=^delete (.*)
desc= delete a context
context = CONTROL
action= delete $1
to delete a context when a line that looks like:
delete someContextName
is appended to /var/lib/sec/CONTROL.
Now to get a list of currently defined contexts and create the
deletion requests, use
type = SingleWithScript
desc = get all contexts and delete selected ones
ptype = regexp
pattern = extract and delete arrancado_ contexts
action = none
script = sed -ne '/^arrancado_/s/^/delete /p' >> /var/lib/sec/CONTROL
The script receives the list of the names of the currently defined
contexts on stdin. One context name per line.
All the sed script does is match any line starting with arrancado_ and
then prepend the word 'delete' and a space to it and then print
it. The printed output is sent to the control file where the first
rule will delete the matching contexts.
My script= syntax may not work as I can't remember if I needed to
actually write a shell script or if I just put a shell command with
shell redirection in there.
To tigger the SingleWithScript rule once a day, you can use a normal
cron job (see crontab(5) usually) with the command:
echo "extract and delete arrancado_ contexts" > /var/lib/sec/CONTROL
if you choose this method you probably want to add "context = CONTROL"
to the SingleWithScript rule.
Instead of using cron, you could use a calendar rule in SEC:
type = calendar
time = 0 0 * * *
desc = trigger cleanup of arrancado_ contexts
action = event extract and delete arrancado_ contexts
to trigger the cleanup.
This should leave a fair amount of log and debugging info around so it
is relatively easy to troubleshoot.
The other way I know of is faster, but requires knowing the internals
of SEC and uses perl code to directly delete the contexts from the
associative array.
>If I do a SIGHUP or I restart de process it will work, but I can't
>do that
Well you can (I send signals (usually USR1) to a running SEC process
from inside that process) but it will delete more info than you want.
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
