If you want to match something with preceding and following line(s), have a
look into multiline patterns like RegExpN with N>1.
For example, consider the following sample rule:
type=single
ptype=RegExp3
pattern=(.*)\n(This is my event: .*)\n(.*)
desc=match my event with a preceding and following line
action=write - My event: $2, Preceding event: $1, Following event: $3
If you feed this rule the events
test1
This is my event: test2
test3
you will get the line "My event: This is my event: test2, Preceding event:
test1, Following event: test3" to standard output.
hope this helps,
risto
2014-02-13 4:38 GMT+02:00 andrewarnier <andrewarn...@gmail.com>:
> Hi all
>
> I have a question about how to writing event database
>
> For example:
>
>
>
> my log :
>
> Tue Feb 11 09:04:10 2014 .1.3.6.1.6.3.1.1.5.4 Normal "linkUp/Down"
> CISCO-7453P - Link Up on Interface GigabitEthernet1/20
> (up),ifIndex=20,PortType=ethernetCsmacd
>
> Tue Feb 11 09:04:10 2014 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events"
> CISCO-7453P - Link up on interface 20. Admin state: GigabitEthernet1/20.
> Operational state: ethernetCsmacd
>
> Tue Feb 11 09:04:34 2014 .1.3.6.1.2.1.17.0.2 Critical "VLAN" CISCO-7453V -
> A Spanning Tree Topology Change at Te1/0/1 on VLAN 564
>
> Tue Feb 11 09:04:39 2014 .1.3.6.1.2.1.17.0.2 Critical "VLAN" CISCO-7453V -
> A Spanning Tree Topology Change at Te1/0/1 on VLAN 564
>
> Tue Feb 11 09:04:41 2014 .1.3.6.1.2.1.17.0.2 Critical "VLAN" CISCO-7453V -
> A Spanning Tree Topology Change at Te1/0/1 on VLAN 564
>
> Tue Feb 11 09:13:07 2014 .1.3.6.1.4.1.9.9.41.2.0.1 Critical "linkUp/Down"
> CISCO-7453P - Interface GigabitEthernet1/20, changed state to down
>
>
>
> I have setting a sec rule for Spanning Tree Topology Change flapping.
> And connecting SEC to MySQL . It's possible to record the event after SEC
> and other event that not match the sec rule
>
> So ,after SEC rule, I want to have four record in my database as follow
>
> Tue Feb 11 09:04:34 2014 .1.3.6.1.2.1.17.0.2 Critical "VLAN" CISCO-7453V -
> A Spanning Tree Topology Change at Te1/0/1 on VLAN 564
>
> Tue Feb 11 09:04:10 2014 .1.3.6.1.6.3.1.1.5.4 Normal "linkUp/Down"
> CISCO-7453P - Link Up on Interface GigabitEthernet1/20
> (up),ifIndex=20,PortType=ethernetCsmacd
>
> Tue Feb 11 09:04:10 2014 .1.3.6.1.6.3.1.1.5.4 Normal "Status Events"
> CISCO-7453P - Link up on interface 20. Admin state: GigabitEthernet1/20.
> Operational state: ethernetCsmacd
>
> Tue Feb 11 09:13:07 2014 .1.3.6.1.4.1.9.9.41.2.0.1 Critical "linkUp/Down"
> CISCO-7453P - Interface GigabitEthernet1/20, changed state to down
>
>
>
>
>
> Can I do it?
>
> Can anyone give me some advice on what to do please?
>
>
>
> Andrew
>
>
>
------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience. Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
