In message
<CAP=psmccfrg2f_wajmtf7m7wwmk-q14njjtzeynct0os9-r...@mail.gmail.com> ,
Akash Rao writes:

>Please point me to a link if this has been discussed already. I could not
>find it in the archives.
>
>I am parsing one input file through SEC and want to write the events
>processed to a different file each day. The filename should be mmddyyyy
>format.

I would suggest yyyymmdd format so that a listing of the files sorts
in chronologic order but...

>Can this be done within SEC? Any pointers would be greatly appreciated.

If you are writing the events using write, try this:

   type = calendar
   desc = set output file at the beginning of every day
   time = 0 0 * * *
   rem = call perl strftime to generate the file string. Make sure to
   rem = double the % signs in the format string so sec doesn't try to
   rem = replace them with variable values.
   action = eval %outfile (\
                 my $filename=strftime("%%Y%%0m%%d.file", gmtime()); \
                 return $filename; )


   type = single
   desc = set output file on SEC_STARTUP
   ptype = regexp
   pattern = ^SEC_STARTUP$
   rem = put the use strftime here to import it for later use as well
   rem = as set the filename.
   rem = must run sec with the -intevents option to get the SEC_STARTUP event.
   action = eval %outfile (use POSIX qw(strftime); \
                      my $filename=strftime("%%Y%%0m%%d.file", gmtime()); \
                      return $filename; )

   type = single
   desc = write to output file
   ptype = regexp
   pattern = .*
   action = write %{outfile} $0

Note this generates a date in YYYYMMDD format. Modifying the strftime
call to produce what you requested is left as an exercise.

This could also be implemented using (precompiled) perl code called
with lcall or call, but the eval (and thus parse/compilation) is only
once a day usually so doesn't seem worth the extra complexity of
setting up for call/lcall.

--
                                -- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
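
Added example, not part of the original message: a stand-alone Perl script that prints the file name the strftime call yields with gmtime() and with localtime() at the moment a "0 0 * * *" calendar rule runs, plus the mmddyyyy variant asked for in the question. It assumes the calendar rule fires at local midnight; the sample date, the TZ strings and the helper names daily_name and local_midnight are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the original post.
use strict;
use warnings;
use POSIX qw(strftime mktime tzset);

# Build the daily file name for an epoch time.
# $use_utc = 1 mirrors the gmtime() call in the posted rules;
# $use_utc = 0 uses localtime() instead.
# This is plain Perl, so the % signs are not doubled as they must be
# inside an SEC action. %m is already zero-padded to two digits.
sub daily_name {
    my ($epoch, $fmt, $use_utc) = @_;
    my @tm = $use_utc ? gmtime($epoch) : localtime($epoch);
    return strftime($fmt, @tm);
}

# Epoch time of local 00:00 on 2012-04-25 (constructed sample date) in
# the zone currently selected through TZ.
sub local_midnight {
    return mktime(0, 0, 0, 25, 4 - 1, 2012 - 1900);
}

# Constructed POSIX TZ strings: UTC, UTC-5 and UTC+5:30.
for my $tz ('UTC0', 'EST5', 'IST-5:30') {
    $ENV{TZ} = $tz;
    tzset();
    my $fire = local_midnight();   # assumed moment the calendar rule runs
    printf "%-9s gmtime: %s  localtime: %s  mmddyyyy: %s\n", $tz,
        daily_name($fire, '%Y%m%d.file', 1),
        daily_name($fire, '%Y%m%d.file', 0),
        daily_name($fire, '%m%d%Y.file', 0);
}
```

In a zone ahead of UTC, the gmtime() name at local midnight still carries the previous day's date, so the time base of the file name should match the time base in which the rule fires.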
