> Thank you Risto and John, > > It's exactly what I need. > Is it possible to make operation over the file set as an > input? > To explain more precisely my point : > > Actually I execute the following command : > > perl sec.pl -conf=SecRules.conf > -input=\\\\remoteServer1\\file.log > > and my conf file is what you suggested me > > # filter out ORA-XXXXX and ORA-YYYYY > type=Suppress > ptype=RegExp > pattern=ORA-(?:XXXXX|YYYYY) > > # captures all "ORA-" error except ORA-XXXXX and ORA-YYYYY > and send to > # myself a mail containing the hardcoded server name > (remoteServer1) in the # .bat file + the error number > type=Single > ptype=RegExp > pattern=(ORA-\d+) > desc=Oracle warning, error code: $1 on my remote server > action=shellcmd sendMailParam.bat $1 > > I have 6 log files that I plan to probe. The procedure > above is good for only one file. To do what I want, I have > to execute the perl command 6 times with 6 different input > because I don't know whether it is possible to pick out the > input file that triggered the rule as a usable > parameter/variable.
In fact, although RegExp patterns don't allow for setting a variable that contains the input file name, there is another pattern type call PerlFunc which supports that. Have a look at the PerlFunc description on the following man page section: http://simple-evcorr.sourceforge.net/sec.pl.html#lbAG There is an example there how to get the input file name and assign it to a $<number> variable. regards, risto > The aim is to avoid to have 6 different > bat file just for differentiating the source. > > Regards > > -----Message d'origine----- > De : John P. Rouillard [mailto:rou...@cs.umb.edu] > > Envoyé : lundi 21 juin 2010 15:22 > À : ZERIBI Moufid > Cc : simple-evcorr-users@lists.sourceforge.net > Objet : Re: [Simple-evcorr-users] check pattern not in a > keyword list > > > In message <c8b29d582dbc8d458758e7d5c2b2a354011fd...@harpo.murex.com>, > "ZERIBI Moufid" writes: > > I have a database log file that I'd like > >to analyse and send e-mail each time a keyword (ORA-) > is found. The > >problem is I want to exclude some specific ORA-XXXX > errors. How can I > >say in my pattern that I want to find all "ORA-" > entries except those > >which are ORA-XXXX, ORA-YYYY. > > > >This is actually what I have. It doesn't distinguish > the uninteresting > >ORA-XXXX, ORA-YYYY from the others > > > >>type=Single > >ptype=SubStr > >pattern=ORA- > >desc=Oracle alert.log warning > >action=shellcmd sendMail.bat > > In the file before this rule put some suppress rules that > match the > exact error you want to ignore. For example: > > type=Suppress > ptype=SubStr > pattern=ORA-XXXX > desc=Ignore oracle xxxx errors > > type=Suppress > ptype=SubStr > pattern=ORA-YYYY > desc=Ignore oracle yyyy errors > > Once a rule matches in a file, the event is not passed to > the > following rules unless you set the continue parameter fo > the rule to > takenext. So putting these suppress rules earlier in the > file will > consume the event and stop it from triggering your single > rule. > > -- > > -- rouilj > John Rouillard > =========================================================================== > My employers don't acknowledge my existence much less my > opinions. > > ******************************* > This e-mail contains information for the intended recipient > only. It may contain proprietary material or confidential > information. If you are not the intended recipient you are > not authorised to distribute, copy or use this e-mail or any > attachment to it. Murex cannot guarantee that it is virus > free and accepts no responsibility for any loss or damage > arising from its use. If you have received this e-mail in > error please notify immediately the sender and delete the > original email received, any attachments and all copies from > your system. > > ------------------------------------------------------------------------------ > ThinkGeek and WIRED's GeekDad team up for the Ultimate > GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the > lucky parental unit. See the prize list and enter to > win: > http://p.sf.net/sfu/thinkgeek-promo > _______________________________________________ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users > ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users