Thanks to all for the examples and explanations they greatly helped not only in this but in general knowledge of how to pattern match and utilize SEC. Below is the configuration I am using as well the new error I'm getting. Any insight would be great.
# Prod Rules type=Single ptype=RegExp pattern=\[org\.apache\.catalina\.startup\.Catalina\] Server startup in ([0-9]+) ms desc=$0 #action=shellcmd /usr/local/sbin/pki/jboss-cpria3100-logrotate.sh SEC (Simple Event Correlator) 2.7.1 Reading configuration from /etc/sec/sec-cpria3100-jboss.conf Rule in /etc/sec/sec-cpria3100-jboss.conf at line 4: Keyword 'pattern' missing (needed for SINGLE rule) Rule in /etc/sec/sec-cpria3100-jboss.conf at line 4: Keyword 'desc' missing (needed for SINGLE rule) Rule in /etc/sec/sec-cpria3100-jboss.conf at line 4: Keyword 'action' missing (needed for SINGLE rule) Rule in /etc/sec/sec-cpria3100-jboss.conf at line 7: Keyword 'type' missing No valid rules found in configuration file /etc/sec/sec-cpria3100-jboss.conf Opening input file /var/app-serverlogs/prod/cpria3100-jboss.log Stdin connected to terminal, SIGINT can't be used for changing the logging level From: ward.p.fonte...@wellsfargo.com [mailto:ward.p.fonte...@wellsfargo.com] Sent: Monday, June 24, 2013 9:27 AM To: simple-evcorr-users@lists.sourceforge.net Subject: [Simple-evcorr-users] Pattern Match question Is there a good resource to demonstrate how to match more complex patterns? I need to match this pattern and I'm stumped. [org.apache.catalina.startup.Catalina] Server startup in 44 ms Any help is greatly appreciated. Paul Fontenot Enterprise Key Management & Public Key Infrastructure | EIST&O | ETS | TOG | Wells Fargo 2600 S. Price Rd. 2nd Floor | Chandler, AZ 85286 MAC S3939-022 Cell (480) 650-0301 <mailto:ward.p.fonte...@wellsfargo.com> ward.p.fonte...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
