Of course I would be interested too :D Using varmaps is somewhat limited. For instance, AFAIK you can't assign a variable the string 'deny' regardless the value of the captured group is 'Deny', 'denied', 'DROP', etc
Regards, On Tue, 13 Dec 2011 10:26:36 -0800 "Mark D. Nagel" <mna...@willingminds.com> wrote: > On 12/13/2011 4:20 AM, Risto Vaarandi wrote: > > hi all, > > some months ago, we had a discussion on rewriting input events: > > > > http://sourceforge.net/mailarchive/forum.php?thread_name=4E066179.3010304%40willingminds.com&forum_name=simple-evcorr-users > > > > > > Would a similar feature be of interest to the end users? :) > > I was thinking about attacking the problem in a more general way, but > > couldn' find a truly elegant solution :( > > Obviously, I'd still like that :). We are in the middle of planning a > change of Windows Event Log export tools, and of course the format is > different. Instead of rewriting all our rules, we could instead > transform the new input to look like the old input. Of course, with > the new cached pattern tools, we could redo our rules once to extract > the fields we need and then change the extraction rules instead to match > the new input, using the cached fields in the revised ruleset. > Regardless, being able to transform input in place with no other changes > in context, etc. would be a handy tool to have available. > > Thanks, > Mark > > -- > Mark D. Nagel, CCIE #3177 <mna...@willingminds.com> > Principal Consultant, Willing Minds LLC (http://www.willingminds.com) > cell: 949-279-5817, desk: 714-495-4001, fax: 949-623-9854 > > ** For faster support response time, please > ** email supp...@willingminds.com or call 714-495-4000 > > > ------------------------------------------------------------------------------ > Systems Optimization Self Assessment > Improve efficiency and utilization of IT resources. Drive out cost and > improve service delivery. Take 5 minutes to use this Systems Optimization > Self Assessment. http://www.accelacomm.com/jaw/sdnl/114/51450054/ > _______________________________________________ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users -- Alberto Cortón Dept. Integración de productos propios Tlf: 902 222 521 www.s21sec.com 10 años comprometidos con la seguridad. La información contenida en este mail, así como los archivos adjuntos, es CONFIDENCIAL. Grupo S21sec Gestión, S.A. garantiza la adopción de las medidas necesarias para asegurar el tratamiento confidencial de los datos de carácter personal. En el caso de que el destinatario del correo no sea usted, le rogamos envíe una notificación al remitente y lo destruya de forma inmediata. La lectura y/o manipulación de esta información en la situación señalada anteriormente será considerada ilegal, permitiendo a la empresa remitente realizar acciones legales de diferente envergadura. ------------------------------------------------------------------------------ Cloud Computing - Latest Buzzword or a Glimpse of the Future? This paper surveys cloud computing today: What are the benefits? Why are businesses embracing it? What are its payoffs and pitfalls? http://www.accelacomm.com/jaw/sdnl/114/51425149/ _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
