...also, if there are other events that might accidentally match the pattern ^SEC_.*, you could test if the context SEC_INTERNAL_EVENT exists (it's set up automatically by SEC to signal that an internal event has been generated). Also, you could refine the regular expression to match exact events if you like. This example is a slightly modified rule from the official documentation (in order to use it, use the --intevents command line option):

type=Single
ptype=RegExp
pattern=^(?:SEC_STARTUP|SEC_RESTART|SEC_SOFTRESTART|SEC_LOGROTATE)$
context=SEC_INTERNAL_EVENT
desc=set variables
action=assign %mailto r...@example.com; assign %hostname myhost

hope this helps,
risto

On 08/30/2013 09:24 PM, John P. Rouillard wrote:
>
> Hello Mark:
>
> In message
> <ca+faja_a7t5srbf_-u-sb0oaohvpgrb7m-5vxr5mrpqvoho...@mail.gmail.com>,
> Mark Keisler writes:
>> Is there a way to set variables that can be used across all rules in an SEC
>> config? For instance, I am using actions mainly to pipe into sending
>> email. It would be nice to define $MAILTO and $HOSTNAME so that the pipe
>> command doesn't have to run `uname -n` every time and have the email
>> addresses typed out.
>
> All action list variables are global. So just set up a rule
> that runs when SEC starts or reloads to define your variables.
> Something like:
>
> type = single
> ptype=regexp
> pattern=^SEC_.*
> desc = set variable for later use
> action = assign %EMAIL_NOTIFY sys...@example.com; \
>     assign %SECURITY_NOTIFY secur...@example.com; \
>     eval %HOSTNAME (use Sys::Hostname; return hostname(););
>
> then they can be used in actions:
>
> action = pipe '$0' /bin/mailx -s "a security issue" %{SECURITY_NOTIFY}
>
> See the sec man page for details on eval, assign and action list variables.
>
> Also start your sec using -intevents (IIRC) to get the SEC* events on
> start, reload etc.
>
> --
> -- rouilj
> John Rouillard
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.

_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users