Your sample input doesn't match the regular expression. It looks like it's
expecting something like "/mnt:File system full". However, I don't have a
computer handy to test this on.
> I tried the same example but nothing happens.
>
> *L01.conf:*
> *
> *
> type=single
> ptype=perlfunc
> pattern=sub { if($_[0]=~/(\S+):[Ff]ile system full/) {\
> return ($1, $_[1]); } else { return 0; } }
> desc=File system $1 full ($2)
> action=write - File system $1 full ($2)
>
> *Executing SEC:*
> *
> *
> perl sec-2.5.3/sec.pl -conf=L01.conf -input=app_desktop/2010-12-07.log.php
>
> *Logging the text manually from another terminal window:*
> *
> *
> echo "File system full" >> 2010-12-07.log.php
>
>
> *Output:*
> *
> *
> SEC (Simple Event Correlator) 2.5.3
> Reading configuration from L01.conf
> 1 rules loaded from L01.conf
> Stdin connected to terminal, SIGINT can't be used for changing the logging
> level
>
>
> It is not working as expected, is there anything I am missing here.
> Please let me know if any information is required.
>
> On Tue, Dec 28, 2010 at 8:37 PM, John P. Rouillard
> <rou...@cs.umb.edu>wrote:
>
>>
>> In message
>> <aanlktiknxt8zrzpagsnanzpae90ek2jh1fnf1auyw...@mail.gmail.com>,
>> Supratik Goswami writes:
>> >The following is my current sec configuration. I am monitoring multiple
>> >files under a certain directory and when
>> >it displays the error message once matched. I want SEC to display also
>> the
>> >filename in which it found the
>> >pattern. Can you please tell me what modification is required in the
>> >following configuration.
>> >
>> >type=Single
>> >ptype=RegExp
>> >desc=$0
>> >pattern= (Error|error)
>> >action=write - Error found: $0 in file
>>
>> Does:
>>
>> http://simple-evcorr.sourceforge.net/FAQ.html#3.25
>>
>> work for your application?
>>
>> --
>> -- rouilj
>> John Rouillard
>> ===========================================================================
>> My employers don't acknowledge my existence much less my opinions.
>>
>>
>> ------------------------------------------------------------------------------
>> Learn how Oracle Real Application Clusters (RAC) One Node allows
>> customers
>> to consolidate database storage, standardize their database environment,
>> and,
>> should the need arise, upgrade to a full multi-node Oracle RAC database
>> without downtime or disruption
>> http://p.sf.net/sfu/oracle-sfdevnl
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>
>
>
>
> --
> Warm Regards
>
> Supratik
> ------------------------------------------------------------------------------
> Learn how Oracle Real Application Clusters (RAC) One Node allows customers
> to consolidate database storage, standardize their database environment,
> and,
> should the need arise, upgrade to a full multi-node Oracle RAC database
> without downtime or disruption
> http://p.sf.net/sfu/oracle-sfdevnl_______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
