Re: [Simple-evcorr-users] How to include file name in which the text is found

Wed, 29 Dec 2010 23:09:38 -0800 

I tried the same example but nothing happens.

*L01.conf:*
*
*
type=single
ptype=perlfunc
pattern=sub { if($_[0]=~/(\S+):[Ff]ile system full/) {\
return ($1, $_[1]); } else { return 0; } }
desc=File system $1 full ($2)
action=write - File system $1 full ($2)

*Executing SEC:*
*
*
perl sec-2.5.3/sec.pl -conf=L01.conf -input=app_desktop/2010-12-07.log.php

*Logging the text manually from another terminal window:*
*
*
echo "File system full"  >> 2010-12-07.log.php


*Output:*
*
*
SEC (Simple Event Correlator) 2.5.3
Reading configuration from L01.conf
1 rules loaded from L01.conf
Stdin connected to terminal, SIGINT can't be used for changing the logging
level


It is not working as expected, is there anything I am missing here.
Please let me know if any information is required.

On Tue, Dec 28, 2010 at 8:37 PM, John P. Rouillard <rou...@cs.umb.edu>wrote:

>
> In message <aanlktiknxt8zrzpagsnanzpae90ek2jh1fnf1auyw...@mail.gmail.com>,
> Supratik Goswami writes:
> >The following is my current sec configuration. I am monitoring multiple
> >files under a certain directory and when
> >it displays the error message once matched. I want SEC to display also the
> >filename in which it found the
> >pattern. Can you please tell me what modification is required in the
> >following configuration.
> >
> >type=Single
> >ptype=RegExp
> >desc=$0
> >pattern= (Error|error)
> >action=write - Error found:  $0 in file
>
> Does:
>
>   http://simple-evcorr.sourceforge.net/FAQ.html#3.25
>
> work for your application?
>
> --
>                                -- rouilj
> John Rouillard
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
>
>
> ------------------------------------------------------------------------------
> Learn how Oracle Real Application Clusters (RAC) One Node allows customers
> to consolidate database storage, standardize their database environment,
> and,
> should the need arise, upgrade to a full multi-node Oracle RAC database
> without downtime or disruption
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>



-- 
Warm Regards

Supratik

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to