Again, the main thing here is that SEC doesn't care, it is the OS at fault
(for doing it correctly). Your editor recreates the file from 0 bytes, so
how is SEC to know it's not a new file?
Try other methods of editing the file, like sed or diff if you are crafty.
If you are just adding content to the end, do a "echo >>". Otherwise, stop
editing the file that SEC wants to sequential read :) Or write an
intermediary process.
It's not SEC's fault, it doesn't know it's the same file.
--
Justin J. Novack
Official Disturber of the Peace
On Wed, Oct 19, 2011 at 7:47 AM, Supratik Goswami
<supratiksek...@gmail.com>wrote:
> Yes it is happening with vim.
>
> Is there any way to tell SEC not to repopulate?
>
> On Wed, Oct 19, 2011 at 5:01 PM, Justin J. Novack <jnov...@gmail.com>
> wrote:
> > File-system wise, on save, the file is created from 0 bytes and
> repopulated,
> > so SEC might not know that it was a user-edit.
> > This could happen with nano (pico), try a more powerful editor like vim
> (or
> > emacs).
> > --
> > Justin J. Novack
> > Official Disturber of the Peace
> >
> >
> > On Wed, Oct 19, 2011 at 6:55 AM, Supratik Goswami <
> supratiksek...@gmail.com>
> > wrote:
> >>
> >> When monitoring a file using SEC, it normally tails on that file and
> >> any new changes can be matched against some pattern.
> >> If someone edits that file using any editor SEC recognizes that the
> >> file has been recreated and shows the below message
> >>
> >> Input file ./testdir/p has been recreated
> >> Shuffled ./testdir/p, reopening and processing from the start
> >>
> >> Now it will find all the matches again which it has done it earlier.
> >>
> >> Is there any way I can tell SEC to tail again without processing the
> >> file from the start and alert once ?
> >>
> >> --
> >> Warm Regards
> >>
> >> Supratik
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> All the data continuously generated in your IT infrastructure contains a
> >> definitive record of customers, application performance, security
> >> threats, fraudulent activity and more. Splunk takes this data and makes
> >> sense of it. Business sense. IT sense. Common sense.
> >> http://p.sf.net/sfu/splunk-d2d-oct
> >> _______________________________________________
> >> Simple-evcorr-users mailing list
> >> Simple-evcorr-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
> >
> >
>
>
>
> --
> Warm Regards
>
> Supratik
>
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
