In message <eddf5556138a864f836192f6d101812a1111e...@fmsmsx104.amr.corp.intel.c
om>,
"Boyles, Gary P" writes:
John P. Rouillard said:
>>What you can do is to use perl to assign sec action variable to the
>>value of an environment variable. E.G. Something like:
>>
>> action = eval %SECLOG ($main::ENV{'SEC_LOG'}); \
>> write %{SECLOG}/sec.suppress.log ...
>>
>Thanks John.
>
>I was thinking along those lines, but hadn't quite figured out what code to
>use.
You may want to create a rule the fires only once on startup and
populates a number of action variables rather than putting the evals
into an action rule that will fire on every use unless you are somehow
changing the environment on the fly.
type= single
desc= map environment vars to action vars
ptype= regexp
pattern= ^SEC_STARTUP$
context= SEC_INTERNAL_EVENT
action= eval %SECLOG ($main::ENV{'SEC_LOG'}); \
eval ....
I the pattern is correct if you use sec --intevents IIRC.
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
