Re: [Simple-evcorr-users] How to force SEC not to process a file from start when it is being edited.

Wed, 19 Oct 2011 04:49:10 -0700 

Yes it is happening with vim.

Is there any way to tell SEC not to repopulate?

On Wed, Oct 19, 2011 at 5:01 PM, Justin J. Novack <jnov...@gmail.com> wrote:
> File-system wise, on save, the file is created from 0 bytes and repopulated,
> so SEC might not know that it was a user-edit.
> This could happen with nano (pico), try a more powerful editor like vim (or
> emacs).
> --
> Justin J. Novack
> Official Disturber of the Peace
>
>
> On Wed, Oct 19, 2011 at 6:55 AM, Supratik Goswami <supratiksek...@gmail.com>
> wrote:
>>
>> When monitoring a file using SEC, it normally tails on that file and
>> any new changes can be matched against some pattern.
>> If someone edits that file using any editor SEC recognizes that the
>> file has been recreated and shows the below message
>>
>> Input file ./testdir/p has been recreated
>> Shuffled ./testdir/p, reopening and processing from the start
>>
>> Now it will find all the matches again which it has done it earlier.
>>
>> Is there any way I can tell SEC to tail again without processing the
>> file from the start and alert once ?
>>
>> --
>> Warm Regards
>>
>> Supratik
>>
>>
>> ------------------------------------------------------------------------------
>> All the data continuously generated in your IT infrastructure contains a
>> definitive record of customers, application performance, security
>> threats, fraudulent activity and more. Splunk takes this data and makes
>> sense of it. Business sense. IT sense. Common sense.
>> http://p.sf.net/sfu/splunk-d2d-oct
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>



-- 
Warm Regards

Supratik

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to