On Mon, 28 Mar 2011, Risto Vaarandi wrote:
In fact, I like David's approach more, since this prevents
expensive multiline matching against *all* input. Or to put it
differently, decomposing a problem into several simple questions is
often more efficient than attacking the original issue.
One other advantage of this approach is that it can handle the case where
logs of different types get intermingled, as the second step can include
whatever conditional tests that you want (check that it's from the correct
server, or from the correct application, for example).
David Lang
2011/3/28 <da...@lang.hm>:
On Mon, 28 Mar 2011, Varun Shankar wrote:
Thanks for your help. Yes it worked. But I am facing another problem here.
Say I mention --bufsize=500 and use ptype=RegExp500
Now say 20 lines are logged in the input file. It matches correctly.
Next time 50 more lines are logged in the input file, but this time the
previous 20 lines are still there in the buffer. So the regular expression
matches them also.
How can I clear the input buffer each time?
One other approach that you can take is a set of three rules:
First, look for the start message and when you see it set a context.
Second, if the context is set, add lines that you see to a report.
Third, look for the end message and when you see it generate your alert with
the report and clear it.
Sorry, I don't have time to code up an example right now.
David Lang
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
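
The three-rule approach described in the thread, written out as an SEC rule file. This is an added example, not rules posted by anyone on the list; the log format (`<host> backup: <message>`), the start and end messages, the context name `BLOCK_<host>`, the 600-second lifetime and the mail command are all assumptions. Every pattern is single-line, so neither `--bufsize` nor `ptype=RegExp500` is needed, and keying the context on the host is the kind of conditional test that keeps intermingled logs apart.

```conf
# Rule 1: the start message opens a per-host context and stores the line.
# "create" on an existing context resets it, so a leftover block from an
# earlier run is discarded. If no end message arrives within 600 seconds
# (assumed value), whatever was collected is mailed and the context expires.
type=Single
ptype=RegExp
pattern=^(\S+) backup: job started
desc=backup block opened on $1
action=create BLOCK_$1 600 ( report BLOCK_$1 /bin/mail -s "backup block on $1 never closed" root ); \
       add BLOCK_$1 $0

# Rule 2: while the context for this host exists, append every line from
# the same application to it. continue=TakeNext lets the end message fall
# through to rule 3 after it has been added to the report.
type=Single
ptype=RegExp
pattern=^(\S+) backup:
context=BLOCK_$1
continue=TakeNext
desc=backup line collected from $1
action=add BLOCK_$1 $0

# Rule 3: the end message sends the collected lines as one alert and
# deletes the context, so the next block starts from an empty report.
type=Single
ptype=RegExp
pattern=^(\S+) backup: job finished
context=BLOCK_$1
desc=backup block closed on $1
action=report BLOCK_$1 /bin/mail -s "backup report for $1" root; \
       delete BLOCK_$1
```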