In message
<cagfjscomw-dewxplqsjmaikj+qbtrpobnpb-1_dzfbydg13...@mail.gmail.com> ,
Risto Vaarandi writes:
>2013/2/6 Boyles, Gary P <gary.p.boy...@intel.com>:
>> I've been trying to get an environment-variable to work in a write
>> statement, and it doesn'tseem to work.
>>
>> This Does Not:
>> ============
>>
>> type=Single
>> continue=DontCont
>> ptype=RegExp
>> pattern=(\d+)\s+::\s+(\S+)\s+::\s+(\S+)\s+::\s+(\S+)\s+::\s+(UNKNOWN).*$
>> desc=SUPPRESS_UNKNOWN_SEV_EVENTS_FROM_NODE::$2
>> action=write $SEC_LOG/sec.suppress.log %u %s
>>
>> Prior to starting script I define and export SEC_LOG
>>
>environment variables are a concept related to a UNIX shell, and
>inside sec they are not visible. Of course, if you trigger command
>lines from sec which get interpreted by the shell, the environment
>variables make sense again [...]
>However, the 'write' action does not involve any execution of an
>external command line which would somehow make this action
>interpretable by the shell, and therefore the environment variables
>are just treated as literary strings.
What you can do is to use perl to assign sec action variable to the
value of an environment variable. E.G. Something like:
action = eval %SECLOG ($main::ENV{'SEC_LOG'}); \
write %{SECLOG}/sec.suppress.log ...
I think would work.
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
