Hi,

I have a trivial use case where I have SEC analyzing application logs on
native Windows platforms.  So far it is working well with my configuration
being no more complex than a bunch of 'singles' notifying about different
types of badstuff identified by RegExp.

I want to add a rule so that if no badstuff occurred in, let's say, 300
seconds, it should report an 'All Clear'.  Also, a node may go unused for
days at a time with no input being added to the log and I wanted to cater
for this as well, issuing the same 5 minute all clear.

I have looked at the sample rules identified in
http://www.cs.umb.edu/~rouilj/sec/rulesets/Readme.txt and I can see bits of
what I want, but my lack of familiarity at the moment has led to a few
dead ends when I try and implement anything.  Can someone help with some
pointers please? Can I even achieve what I want if no lines are added to
the log?

 Thanks
-- 
Andy
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
