Risto
As you suggested, I have written the regular expression to select only the
last entry. The regular expression works fine.
I am sharing the content of conf file below
*type=Single*
*ptype=RegExp500*
*desc=$1*
*pattern=(?s)WY_LOG_TYPE_ERROR\s*<<\*\*(?!.*WY_LOG_TYPE_ERROR)(.*)\*\*>>$*
*action=logonly*
The problem now is SEC is firing the event twice. So if I set
action=logonly, its getting logged twice. If I set action=(send mail to
me), its sending two mails.
Any help will be highly appreciated.
On Mon, Mar 28, 2011 at 2:24 PM, Risto Vaarandi <risto.vaara...@seb.ee>wrote:
> Well, instead of clearing a buffer, write the regular expression in the way
> that it would match only once. Note that by default ^ and $ match only the
> beginning and end of the buffer, not the newlines in it. For example,
> (.*)\n(.*)$ matches two last lines from the buffer.
> kind regards,
> risto
>
>
> On 03/28/2011 10:20 AM, Varun Shankar wrote:
>
>> Risto
>>
>> Thanks for your help. Yes it worked. But I am facing another problem here.
>> Say I mention --bufsize=500 and use ptype=RegExp500
>>
>> Now say 20 lines are logged in the input file. It matches correctly.
>> Next time 50 more lines are logged in the input file, but this time the
>> previous 20 lines are still there in the buffer. So the regular
>> expression matches them also.
>> How can I clear the input buffer each time?
>>
>>
>> On Fri, Mar 25, 2011 at 8:32 PM, Risto Vaarandi <risto.vaara...@seb.ee
>> <mailto:risto.vaara...@seb.ee>> wrote:
>>
>> On 03/25/2011 02:27 PM, Supratik Goswami wrote:
>> > Hi
>> >
>> > I want to extract everything with multiple lines between two
>> markers.
>> >
>> > I want to display everything between:
>> >
>> > /WY_LOG_TYPE_ERROR <<**/
>> >
>> >
>> > /**>>/
>> > /
>> > /
>> > /
>> > /
>> > So if the text entered in the log file
>> >
>> > /WY_LOG_TYPE_ERROR <<**/
>> > /================================/
>> > / 2011-03-25 06:08:30/
>> > /================================/
>> > /Blah blah blah/
>> > /
>> > /
>> > /
>> > /Blah blah blah/
>> > /
>> > /
>> > /
>> > /
>> > /Blah blah blah/
>> > /
>> > /
>> > /
>> > /
>> > /Blah blah blah/
>> > /
>> > /
>> > /
>> > /**>>/
>> >
>> > It should match and display everything between the two markers
>> including
>> > the markers.
>> >
>> > I tried the following regular expression patterns but it is not
>> working:
>> >
>> > * pattern=(?s)WY_LOG_TYPE_ERROR\s*<<\*\*(.)*>>\*\*
>> > * pattern=(?s)WY_LOG_TYPE_ERROR\s*<<\*\*(.|\n)*>>\*\*
>> > * pattern=WY_LOG_TYPE_ERROR\s*<<\*\*(.|\n)*>>\*\*
>> >
>> >
>> > Can you please tell me what I am missing here.
>>
>> If you want to match multiple lines at once, you should also set
>> 'ptype'
>> field accordingly -- instead of RegExp, you have to use RegExpN. Also,
>> default maximum value for N is 10, so if you want to match more than 10
>> lines at once, you have to set --bufsize command line option
>> accordingly.
>> regards,
>> risto
>>
>> >
>> > --
>> > Warm Regards
>> >
>> > Supratik
>> >
>> >
>> >
>> >
>>
>>
>> ------------------------------------------------------------------------------
>> > Enable your software for Intel(R) Active Management Technology to
>> meet the
>> > growing manageability and security demands of your customers.
>> Businesses
>> > are taking advantage of Intel(R) vPro (TM) technology - will your
>> software
>> > be a part of the solution? Download the Intel(R) Manageability
>> Checker
>> > today! http://p.sf.net/sfu/intel-dev2devmar
>> >
>> >
>> >
>> > _______________________________________________
>> > Simple-evcorr-users mailing list
>> > Simple-evcorr-users@lists.sourceforge.net
>> <mailto:Simple-evcorr-users@lists.sourceforge.net>
>>
>> > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Enable your software for Intel(R) Active Management Technology to
>> meet the
>> growing manageability and security demands of your customers.
>> Businesses
>> are taking advantage of Intel(R) vPro (TM) technology - will your
>> software
>> be a part of the solution? Download the Intel(R) Manageability Checker
>> today! http://p.sf.net/sfu/intel-dev2devmar
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> <mailto:Simple-evcorr-users@lists.sourceforge.net>
>>
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>
>>
>>
>>
>> --
>> Regards,
>> Varun Shankar
>>
>
>
--
Regards,
Varun Shankar
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
