hi, you have asked a very interesting question. Swatch supports three different event counting modes which can be set with the 'type' parameter:
limit -- react to the first N events with an action and ignore the following ones (e.g., if N is 3, react to 1st, 2nd and 3rd event) threshold -- react to each Nth event with an action (e.g., if N is 3, react to 3rd, 6th, 9th, ... event) both -- react to Nth event with an action (e.g., if N is 3, react to the 3rd event only) The value of N is set with the Swatch 'count' parameter, while the size of the counting window is set with the 'seconds' parameter. The 'both' counting mode is easiest to implement with SEC, since it naturally maps to the SingleWithThreshold rule. For example, if we would like to count the event 'lets try' with a threshold of 3 in the window of 60 seconds, the rule would look like this: type=SingleWithThreshold ptype=Regexp pattern=lets try desc=three 'lets try' events in 1m action=write - %s thresh=3 window=60 In order to mimic the 'threshold' counting mode, you need to tell sec to reset the counting operation after reaching the threshold. For achieving this, change the 'action' parameter of the previous rule to the following: action=write - %s; reset 0 In your example, you are doing the counting in the 'limit' mode, which requires the execution of an action at first N instances of a given event. Since SingleWithThreshold rule does not support this functionality, we can take advantage of the EventGroup rule which is a generalization of SingleWithThreshold. The example below is a sec implementation of your first swatch rule: type=EventGroup ptype=RegExp pattern=test context=!SUPPRESS count=shellcmd screen -S s1 -p 0 -X stuff "Different text injected into the same screen session"`echo -ne '\015'` desc=Counting test events action=create SUPPRESS thresh=1 window=60 end=delete SUPPRESS Note that in order to suppress events which follow the first N instances, we are using the SUPPRESS context which is created after Nth instance has been observed. Also, the swatch 'count' and 'seconds' parameter map to sec 'thresh' and 'window' parameters, respectively. Please also note one important aspect -- swatch allows to define the scope of the counting with the 'track_by' keyword (your example did not include this functionality, though). In sec, setting the scope can be done with the 'desc' parameter which works exactly like 'track_by'. Also, the current value of the 'desc' parameter can be retrieved from the %s special variable. I hope the above examples were able to shed some light into how you could convert swatch rules to sec. kind regards, risto On 11/07/2013 09:56 AM, GrillMaster wrote: > Hi, > > I’m a little confused on how I set up rules to monitor a log file for > various strings and execute a different command for each string. I am > basically trying to convert a swatch config into sec. Here is an > example of the swatch file: > > watchfor /test/ > > exec "screen -S s1 -p 0 -X stuff "Text injected into a screen > session"`echo -ne '\015'`" > > threshold type=limit,count=1,seconds=3 > > watchfor /test2/ > > exec "screen -S s1 -p 0 -X stuff “Different text injected into > the same screen session"`echo -ne '\015'`" > > threshold type=limit,count=1,seconds=3 > > watchfor /test3/ > > exec "screen -S s1 -p 0 -X stuff “Unique text injected into the > same screen session"`echo -ne '\015'`" > > threshold type=limit,count=1,seconds=3 > > -grillmaster > > > > ------------------------------------------------------------------------------ > November Webinars for C, C++, Fortran Developers > Accelerate application performance with scalable programming models. Explore > techniques for threading, error checking, porting, and tuning. Get the most > from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk > > > > _______________________________________________ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users > ------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
