On 11/17/10 3:13 PM, Tim Peiffer wrote:
I need some help in debugging a context expression. I create
intercept zones in my recursive DNS configurations in a somewhat
automated manner. Conversely, I would like to know when the zones
expire, and take action on the expiring zone. I think I can cause a
SEC calendar event to extract the zone name and expiration details out
of the configurations and a Single RegExp2 rule to parse those zones
looking for candidates.
Would any of you kind souls be willing to debug the below for me? I
am having problems in particular with the context expression and
comparison against %alnum variables.
I think I figured it out. From the manual page, it looks like I can set
the $alnum variable inside the perl mini code, and then eval takes on
that value under %alnum. %alnum is usable in actions and $alnum is
available within patterns and context expressions.
That is pretty neat and tidy.. too bad I didn't see that earlier.
Regards,
Tim Peiffer
SEC allows the user to define patterns, context
expressions, and
actions which involve calls to the Perl eval() function.
In addition
to explicitly using %<alnum_name> variables that are global
across the
rules, the user can implicitly employ Perl variables
created with
eval() for the same purpose. E.g., when SEC has executed the
following
action
action=eval %a ($b = 1)
the variable $b and its value will become visible in the
following
context expression
context= =(++$b > 10)
type=Single
desc=Set variables and things on startup or restart of sec (core)
ptype=RegExp
pattern=SEC_(STARTUP|RESTART|SOFTRESTART)
context=[ SEC_INTERNAL_EVENT ]
action=eval %YY ( `/bin/date +%y` ; ); \
eval %MM ( `/bin/date +%m` ; ); \
eval %DD ( `/bin/date +%m` ; ); \
logonly "date %{MM}/%{DD}/%{YY}"
type=Calendar
time=47 * * * *
desc=zone expirations
action=spawn /bin/egrep -i "intercept|zone"
/exemplar/named.conf.intercept
# //
# // DNS Intercept expire 11/17/2011 TicketNNNNN
# zone "fresh-phish.com" {
# type forward;
# forward only;
# forwarders {
# 1.2.3.4; //my authoritative server 1
# 2.1.3.4; //my authoritative server 2
# };
# };
type=Single
ptype=RegExp2
pattern=DNS Intercept expire (\d+)/(\d+)/(20)?(\d+) (\S+)\nzone "(\S+)"
desc=zone expiration zone $6 ticket $5 date $1/$2/$4
action=logonly XXXXX expires today %s XXXXXX
context= =("$1" eq "%{MM}" && "$2" eq "%{DD}" && "$4" eq "%{YY}" )
Regards,
Tim Peiffer
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
