sec -conf=/home/me/sec/C1.conf -input=/home/me/sec/inputStream.dat
2011/7/26 John Grasett <john.gras...@atech.com>
> How are you invoking SEC? what's the command line yo use to start it?
>
> Cheers!
>
> John G.
>
> Date: Tue, 26 Jul 2011 15:51:01 +0200
> From: Elia Mariani <chaotic.eng...@gmail.com> <chaotic.eng...@gmail.com>
> Subject: [Simple-evcorr-users] Filtering duplicate events
> To: simple-evcorr-users@lists.sourceforge.net
> Message-ID:
> <caopnse8fvrw9qxhb3zmj4r6+asaadm2mzt__tk-9+sn1gj5...@mail.gmail.com><caopnse8fvrw9qxhb3zmj4r6+asaadm2mzt__tk-9+sn1gj5...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> Hello,
>
> I am trying to learn using SEC and I have encountered the following
> problem:
>
> I am monitoring a text file with the following simplified rule:
>
> type=Single
> ptype=RegExp
> pattern=foo\s+(\S+)
> desc=$0
> action=logonly
>
> Everytime the file is updated, SEC processes it from the start, firing
> rules
> that were already fired before. For example, when I am monitoring a file
> that track users logins, everytime a new user logs in, SEC processes the
> entire files, executing actions for every login entry. Even for those whose
> action has already been executed before.
>
> I would like to know if it is possible to make SEC fire rules only for new
> events.
>
> Thanks for the help.
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
>
> ------------------------------------------------------------------------------
> Magic Quadrant for Content-Aware Data Loss Prevention
> Research study explores the data loss prevention market. Includes in-depth
> analysis on the changes within the DLP market, and the criteria used to
> evaluate the strengths and weaknesses of these DLP solutions.
> http://www.accelacomm.com/jaw/sfnl/114/51385063/
>
> ------------------------------
>
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>
> End of Simple-evcorr-users Digest, Vol 60, Issue 1
> **************************************************
>
>
>
> ------------------------------------------------------------------------------
> Magic Quadrant for Content-Aware Data Loss Prevention
> Research study explores the data loss prevention market. Includes in-depth
> analysis on the changes within the DLP market, and the criteria used to
> evaluate the strengths and weaknesses of these DLP solutions.
> http://www.accelacomm.com/jaw/sfnl/114/51385063/
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>
------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
