Thank you Risto and John,

It's exactly what I need. Is it possible to make an operation over the file set as an input? To explain my point more precisely:

Actually I execute the following command:

    perl sec.pl -conf=SecRules.conf -input=\\\\remoteServer1\\file.log

and my conf file is what you suggested to me:

    # filter out ORA-XXXXX and ORA-YYYYY
    type=Suppress
    ptype=RegExp
    pattern=ORA-(?:XXXXX|YYYYY)

    # captures all "ORA-" error except ORA-XXXXX and ORA-YYYYY and send to
    # myself a mail containing the hardcoded server name (remoteServer1) in the
    # .bat file + the error number
    type=Single
    ptype=RegExp
    pattern=(ORA-\d+)
    desc=Oracle warning, error code: $1 on my remote server
    action=shellcmd sendMailParam.bat $1

I have 6 log files that I plan to probe. The procedure above is good for only one file. To do what I want, I have to execute the perl command 6 times with 6 different inputs because I don't know whether it is possible to pick out the input file that triggered the rule as a usable parameter/variable.

The aim is to avoid having 6 different bat files just for differentiating the source.

Regards

-----Original Message-----
From: John P. Rouillard [mailto:rou...@cs.umb.edu]
Sent: Monday, June 21, 2010 15:22
To: ZERIBI Moufid
Cc: simple-evcorr-users@lists.sourceforge.net
Subject: Re: [Simple-evcorr-users] check pattern not in a keyword list

In message <c8b29d582dbc8d458758e7d5c2b2a354011fd...@harpo.murex.com>, "ZERIBI Moufid" writes:
> I have a database log file that I'd like
>to analyse and send e-mail each time a keyword (ORA-) is found. The
>problem is I want to exclude some specific ORA-XXXX errors. How can I
>say in my pattern that I want to find all "ORA-" entries except those
>which are ORA-XXXX, ORA-YYYY.
>
>This is actually what I have. It doesn't distinguish the uninteresting
>ORA-XXXX, ORA-YYYY from the others
>
>type=Single
>ptype=SubStr
>pattern=ORA-
>desc=Oracle alert.log warning
>action=shellcmd sendMail.bat

In the file before this rule put some suppress rules that match the exact error you want to ignore.
For example:

    type=Suppress
    ptype=SubStr
    pattern=ORA-XXXX
    desc=Ignore oracle xxxx errors

    type=Suppress
    ptype=SubStr
    pattern=ORA-YYYY
    desc=Ignore oracle yyyy errors

Once a rule matches in a file, the event is not passed to the following rules unless you set the continue parameter of the rule to takenext. So putting these suppress rules earlier in the file will consume the event and stop it from triggering your single rule.

--
				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
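The rule ordering described in the reply above (suppress rules placed before the catch-all rule consume the event first) can be checked with a small model. This is an added example, not part of the original thread and not SEC's own code: `process`, `SUPPRESS`, `SINGLE`, the stand-in codes ORA-00001/ORA-00054 and the log lines are constructed for illustration.

```python
import re

# Constructed alert.log lines; ORA-00001 and ORA-00054 stand in for the
# thread's ORA-XXXXX / ORA-YYYYY placeholders (assumption, not from the thread).
LOG = [
    "ORA-00001: constructed sample line",
    "ORA-00600: constructed sample line",
    "Completed checkpoint (no error code)",
    "ORA-00054: constructed sample line",
    "ORA-01555: constructed sample line",
]

SUPPRESS = {"type": "Suppress", "pattern": r"ORA-(?:00001|00054)"}
SINGLE = {"type": "Single", "pattern": r"(ORA-\d+)"}


def process(rules, lines):
    """Simplified model of SEC matching within one rule file.

    Rules are tried in file order. A matching Suppress rule consumes the
    event. A matching Single rule runs its action (recorded here instead of
    calling a .bat file) and also consumes the event unless it carries
    continue=TakeNext.
    """
    fired = []
    for line in lines:
        for rule in rules:
            match = re.search(rule["pattern"], line)
            if match is None:
                continue  # rule does not match, try the next rule
            if rule["type"] == "Suppress":
                break  # event consumed, later rules never see it
            fired.append(match.group(1))
            if rule.get("continue") != "TakeNext":
                break  # default behaviour: stop at the first matching rule
    return fired


def demo():
    single_takenext = dict(SINGLE, **{"continue": "TakeNext"})
    return {
        "suppress_first": process([SUPPRESS, SINGLE], LOG),
        "single_first": process([SINGLE, SUPPRESS], LOG),
        # TakeNext passes the event on, so a later matching rule fires as well
        "takenext_then_single": process([single_takenext, SINGLE], LOG[:2]),
    }


if __name__ == "__main__":
    for name, codes in demo().items():
        print(name, codes)
```

With the Single rule first, the Suppress rule is never reached and every ORA- line triggers the mail action, which is the symptom described in the original question.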