2014-03-11 10:34 GMT+02:00 andrewarnier <andrewarn...@gmail.com>:
> Hi ristro,
>
>
> type=PairWithWindow
> ptype=RegExp
> pattern=CI-15600 Carrier Loss On The LAN in FAC-(.+)-(.+)
> \(majorServiceAffecting\),ifIndex=(.+)
> desc=Carrier Loss On The LAN in FAC-$1-$2
> action=write - Carrier Loss On The LAN in FAC-$1-$2 ,ifIndex=$3
> ptype2=RegExp
> pattern2=CN-15600 Transport Layer Failure in FAC-(.+)-(.+)
> \(majorServiceAffecting\),ifIndex=(.+)
> desc2= Transport Layer Failure in FAC-$4-$5
> \(majorServiceAffecting\),ifIndex=$6
> action2=pipe '%t,CI-15600 <> CN-15600,TCP-15454 Carrier Loss On The LAN
> FAC-%1-%2 ifIndex=%3 and CN-15600 Transport Layer Failure FAC-%4-%5'
> /bin/mail -s "Carrier Loss On The LAN" andrewarn...@gmail.com
> window=5
>
> # perl /usr/local/sbin/sec.pl -conf=snmptt_test_sec.cfg -input=-
> 2013-11-03 20:40:55 .1.3.6.1.4.1.3607.6.10.30.0.220 Critical "ONS" CI-15600
> - CI-15600 Carrier Loss On The LAN in FAC-1-2
> (majorServiceAffecting),ifIndex=12290
> 2013-11-10 20:05:54 .1.3.6.1.4.1.3607.6.10.30.0.3540 Major "ONS" CN-15600
> -
> CN-15600 Transport Layer Failure in FAC-3-4
> (majorServiceAffecting),ifIndex=12293
>
> I have match variables in the PairWithWindow rule ,but I can't get %4 and
> %5 values
>
> 'Tue Mar 11 16:28:18 2014, CI-15600 <> CN-15600, CI-15600 Carrier Loss On
> The LAN FAC-1-2 ifIndex=12290 and CN-15600 Transport Layer Failure
> FAC-%4-%5
>
> Give me some advice pls
>
your 'pattern' field sets just three match variables -- for this reason,
4th and 5th match variable can not have any values.
risto
Andrew
>
>
> -----Original Message-----
> From: Risto Vaarandi [mailto:risto.vaara...@seb.ee]
> Sent: Monday, March 10, 2014 7:21 PM
> To: simple-evcorr-users@lists.sourceforge.net
> Subject: Re: [Simple-evcorr-users] pipe format
>
> On 03/10/2014 10:25 AM, andrewarnier wrote:
> > Hi all,
> >
> > I have set a rule as follow,
> >
> > type=PairWithWindow
> >
> > ptype1=RegExp
> >
> > pattern1=CI-16800 Carrier Loss On The LAN in FAC-(.+)-(.+)
> > \(majorServiceAffecting\),ifIndex=(.+)
> >
> > desc=Carrier Loss On The LAN in FAC-$1-$2
> >
> > action=write - Carrier Loss On The LAN in FAC-$1-$2
> >
> > ptype2=RegExp
> >
> > pattern2=CN-15600 Transport Layer Failure in FAC-(.+)-(.+)
> > \(majorServiceAffecting\),ifIndex=(.+)
> >
> > desc2= $1-$2 Transport Layer Failure in FAC-$3-$4
> > \(majorServiceAffecting\),ifIndex=$5
> >
> > action2=pipe '%t,CI-16800 <> CN-15600, CI-16800 Carrier Loss On The
> > LAN
> > FAC-$1-$2 and CN-15600 Transport Layer Failure FAC-$3-$4' /bin/mail -s
> > "Carrier Loss On The LAN" andrewarn...@gmail.com
> >
> > window=5
> >
> > then
> >
> > $ perl /usr/local/sbin/sec.pl -conf=snmptt_test_sec.cfg -input=-
> >
> > Sun Nov 3 20:40:55 2013 .1.3.6.1.4.1.3607.6.10.30.0.220 Critical "ONS"
> > CI-16800 - CI-16800 Carrier Loss On The LAN in FAC-1-2
> > (majorServiceAffecting),ifIndex=12290
> >
> > Sun Nov 10 20:05:54 2013 .1.3.6.1.4.1.3607.6.10.30.0.3540 Major "ONS"
> > CN-15600 - CN-15600 Transport Layer Failure in FAC-3-4
> > (majorServiceAffecting),ifIndex=12293
> >
> > when match the rule ,it will pipe the message as follow to my mailbox :
> >
> > Mon Mar 10 15:46:05 2014, CI-16800 <> CN-15600, CI-16800 Carrier Loss
> > On The LAN FAC-3-4 and CN-15600 Transport Layer Failure FAC-12293-$4
> >
> > Now my problem is how to transform %t format to %Y-%m-%d %H:%M:%S and
> > get patter1 and patter2 variables
> >
> > So I want to get the message as follow :
> >
> > 2014-03-10 15:46:05 , CI-16800<> CN-15600, CI-16800 Carrier Loss On
> > The LAN FAC-1-2 ifIndex=12290 and CN-15600 Transport Layer Failure in
> > FAC-3-4 ifIndex=12293
> >
> > Can anyone give me some advice on what to do please?
>
> In order to use timestamps in custom format, I would recommend to use a sec
> action which invokes Perl code, for example
>
> action=lcall %time -> ( sub { my(@time) = localtime(); \
> my($timestamp) = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", \
> $time[5]+1900, $time[4]+1, $time[3], $time[2], $time[1], $time[0]); \
> return $timestamp; } )
>
> As for the problems you have with match variables in the PairWithWindow
> rule, read the relevant example in the official documentation -- apart from
> standard $1, $2, ... variables you also need to use %1, %2, ...
> variables: http://simple-evcorr.sourceforge.net/man.html#lbAP
>
> (Note that this part of the docs was updated a lot in mid-January, so its
> worthwhile to take another look.)
>
> Also, recently there was a relevant discussion in the mailing list:
> http://sourceforge.net/p/simple-evcorr/mailman/message/31907966/
>
> hth,
> risto
>
> >
> > Andrew
> >
> >
> >
> > ----------------------------------------------------------------------
> > -------- Learn Graph Databases - Download FREE O'Reilly Book "Graph
> > Databases" is the definitive new guide to graph databases and their
> > applications. Written by three acclaimed leaders in the field, this
> > first edition is now available. Download your free book today!
> > http://p.sf.net/sfu/13534_NeoTech
> >
> >
> >
> > _______________________________________________
> > Simple-evcorr-users mailing list
> > Simple-evcorr-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
> >
>
>
>
> ----------------------------------------------------------------------------
> --
> Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is
> the
> definitive new guide to graph databases and their applications. Written by
> three acclaimed leaders in the field, this first edition is now available.
> Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
