2011/3/29 <da...@lang.hm>:
> On Mon, 28 Mar 2011, Risto Vaarandi wrote:
>
>> In fact, I like David's approach more, since this prevents
>> expensive multiline matching against *all* input. Or to put it
>> differently, decomposing a problem into several simple questions is
>> often more efficient than attacking the original issue.
>
> one other advantage of this approach is that it can handle the case where
> logs of different types get intermingled as the second step can include
> whatever conditional tests that you want (check that it's from the correct
> server, or from the correct application for example)

exactly, since RegExpN patterns make sense if input is coming from one log only.

regards,
risto

>
> David Lang
>
>> 2011/3/28 <da...@lang.hm>:
>>>
>>> On Mon, 28 Mar 2011, Varun Shankar wrote:
>>>
>>>> Thanks for your help. Yes it worked. But I am facing another problem
>>>> here.
>>>> Say I mention --bufsize=500 and use ptype=RegExp500
>>>>
>>>> Now say 20 lines are logged in the input file. It matches correctly.
>>>> Next time 50 more lines are logged in the input file, but this time the
>>>> previous 20 lines are still there in the buffer. So the regular
>>>> expression matches them also.
>>>> How can I clear the input buffer each time?
>>>
>>> one other approach that you can take is a set of three rules
>>>
>>> first, look for the start message and when you see it set a context
>>>
>>> second, if the context is set, add lines that you see to a report
>>>
>>> third, look for the end message and when you see it generate your alert
>>> with the report and clear it.
>>>
>>> sorry I don't have time to code up an example right now.
>>>
>>> David Lang
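
The three-rule approach described in the thread, written out as SEC rules. This is an added example, not code from any participant in the thread. The log format (`<host> myapp: BEGIN` / `END`), the context name `BLOCK_<host>`, the 60-second lifetime and the mail command are assumptions; the host and application test in each pattern is the kind of conditional check mentioned above for intermingled logs.

```conf
# Added example; log format, context names, timeout and mail command are assumed.
# Constructed sample input:
#   web1 myapp: BEGIN
#   web1 myapp: step 1 failed
#   db1 sshd: unrelated line      (ignored: wrong application)
#   web1 myapp: END
#
# The host is captured with [\w.-]+ rather than \S+ because $1 is later
# placed on a shell command line; log content must not reach the shell
# unfiltered.
# SEC stops at the first matching rule by default (continue=DontCont),
# so BEGIN and END are tested before the catch-all rule.

# Rule 1: the start message opens a per-host context and starts the report.
# If no END arrives within 60 seconds the context expires and is logged.
type=Single
ptype=RegExp
pattern=^([\w.-]+) myapp: BEGIN
context=!BLOCK_$1
desc=myapp block opened on $1
action=create BLOCK_$1 60 (logonly myapp block on $1 never closed); add BLOCK_$1 $0

# Rule 2: the end message sends the collected lines and clears the context.
type=Single
ptype=RegExp
pattern=^([\w.-]+) myapp: END
context=BLOCK_$1
desc=myapp block closed on $1
action=add BLOCK_$1 $0; report BLOCK_$1 /usr/bin/mail -s "myapp block from $1" root; delete BLOCK_$1

# Rule 3: while the context exists, every myapp line from that host is
# appended to the report; lines from other hosts or applications never match.
type=Single
ptype=RegExp
pattern=^([\w.-]+) myapp:
context=BLOCK_$1
desc=myapp line inside block on $1
action=add BLOCK_$1 $0
```

Every rule here is single-line, so no RegExpN pattern or enlarged `--bufsize` is involved and lines from an earlier block are not matched again once its context has been deleted.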