hi Gary,
environment variables are a concept related to a UNIX shell, and
inside sec they are not visible. Of course, if you trigger command
lines from sec which get interpreted by the shell, the environment
variables make sense again. For example,

env MYVAR="this is a test" sec-2.7.0/sec -conf=test.sec -input=-

would start sec with MYVAR set to "this is a test", and an action

shellcmd echo $MYVAR

would write the string "this is a test" to standard output.

However, the 'write' action does not involve any execution of an
external command line which would somehow make this action
interpretable by the shell, and therefore the environment variables
are just treated as literary strings.

hope this helps,
risto


2013/2/6 Boyles, Gary P <gary.p.boy...@intel.com>:
> Hi,
>
>
>
> I’ve been trying to get an environment-variable to work in a write
> statement, and it doesn’t seem to work.
>
>
>
> This is on Ubuntu.
>
>
>
> Should this work somehow?
>
>
>
> Thanks.
>
>
>
> This works:
>
> =========
>
> type=Single
>
> continue=DontCont
>
> ptype=RegExp
>
> pattern=(\d+)\s+::\s+(\S+)\s+::\s+(\S+)\s+::\s+(\S+)\s+::\s+(UNKNOWN).*$
>
> desc=SUPPRESS_UNKNOWN_SEV_EVENTS_FROM_NODE::$2
>
> action=write /sec/log/sec.suppress.log %u %s
>
>
>
>
>
> This Does Not:
>
> ============
>
> type=Single
>
> continue=DontCont
>
> ptype=RegExp
>
> pattern=(\d+)\s+::\s+(\S+)\s+::\s+(\S+)\s+::\s+(\S+)\s+::\s+(UNKNOWN).*$
>
> desc=SUPPRESS_UNKNOWN_SEV_EVENTS_FROM_NODE::$2
>
> action=write $SEC_LOG/sec.suppress.log %u %s
>
>
>
>
>
> Prior to starting script I define and export SEC_LOG
>
>
>
> Thanks for the help.
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to