Hi all,
I posted the following question on stackoverflow:
http://stackoverflow.com/questions/16921271/sec-simple-event-correlator-handle-multiple-log-files
(too long to post here)
It comes down to this: I need Sec to process multiple log files separately.
Otherwise I cannot use suppress when the same error occurs in multiple log
files!
Risto wrote that it was possible:
"SEC supports matching events coming from particular sources via file contexts.
File context is a logical identifier for one or several files which can be used
in SEC rules for restricting the scope of matching. File contexts can be set up
with the --intcontexts command line option.
If you would like to retrieve the input log file name after a regular
expression match, there is a special match variable $+{_inputsrc} which is
automatically set by SEC, and can be used alongside with $1, $2 and other
regular match variables.
Also, you are welcome to post your question to the SEC mailing list where most
of the user discussion is taking place. The list is also most likely to provide
you with a quick answer.
kind regards, risto"
Can someone provide a simple example of this?
For example: I have two log files (log1, log2) and I want to process them for
the same error (error) with suppress. How can I make sure the second error is
not suppressed?
Kind regards,
Tom
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
