Hi all,
This is my first time using sec. I intend to use it for log correlation. I
have installed the package using apt-get on a ubuntu machine. Please
someone guide me on the following two-
1. Can I start the sec service which in turn runs more than one daemon?
Say, if my /etc/default/sec file contains-
#Defaults for sec
RUN_DAEMON="yes"
DAEMON_ARGS="-conf=/home/sec/rules/rules_for_one.conf
-input=/var/log/file_one.log -detach -syslog=daemon"
DAEMON_ARGS="-conf=/home/sec/rules/rules_for_two.conf
-input=/var/log/file_two.log -detach -syslog=daemon"
This is because, both input files are completely different from each
other, neither do the rules have anything in common. So i'd rather
keep separate instances of sec running for separate log files. Currently on
running sec it only 'acknowledges' the last DAEMON_ARGS (i.e. the one for
file_two.log in this case.)
2. Secondly, using 'service sec stop' doesn't seem to work as I can still
see the process when I do a ps afterwards.
Am I missing something essential here? Please point me to the right
direction!
PS- i know ap-get installs an older version of sec. Not a problem for now.
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
