2014-08-25 9:35 GMT+03:00 VIDISHA SHARMA <vidisha...@gmail.com>:

> Hi all,
>
> This is my first time using sec. I intend to use it for log correlation.
> I have installed the package using apt-get on an Ubuntu machine. Could
> someone please guide me on the following two points:
>
> 1. Can I start the sec service which in turn runs more than one daemon?
> Say, if my /etc/default/sec file contains-
>
>  #Defaults for sec
> RUN_DAEMON="yes"
> DAEMON_ARGS="-conf=/home/sec/rules/rules_for_one.conf
> -input=/var/log/file_one.log -detach -syslog=daemon"
> DAEMON_ARGS="-conf=/home/sec/rules/rules_for_two.conf
> -input=/var/log/file_two.log -detach -syslog=daemon"
>
> This is because both input files are completely different from each
> other, and the rules have nothing in common either. So I'd rather
> keep separate instances of sec running for separate log files. Currently, on
> running sec, it only 'acknowledges' the last DAEMON_ARGS (i.e. the one
> for file_two.log in this case).
>

> 2. Secondly, using 'service sec stop' doesn't seem to work as I can still
> see the process when I do a ps afterwards.
>
> Am I missing something essential here? Please point me to the right
> direction!
>

I seem to remember that on Red Hat-like platforms one had to use constructs
like DAEMON_ARGS[0], DAEMON_ARGS[1], etc., in order to start multiple
daemons from the init script. If the Ubuntu package does not support them,
you can submit an enhancement request through the Ubuntu package site (
http://packages.ubuntu.com/utopic/sec). Also, if you have discovered
something which looks like a bug in the init script, I'd again recommend
contacting the package maintainers.

kind regards,
risto



>
> PS: I know apt-get installs an older version of sec. Not a problem for now.
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>
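
Added example, not part of the thread and not taken from the sec package: it shows why a shell-sourced defaults file keeps only the last `DAEMON_ARGS` assignment, and one way to start a separate sec process per log file with its own pid file so each can be stopped individually. It assumes the init script sources `/etc/default/sec` as shell; the `INSTANCES` table, the `/var/run/sec-<name>.pid` naming and the function names are hypothetical, while the paths come from the question and `-pid` is a standard sec option.

```shell
#!/bin/sh
# Constructed copy of the defaults file from the question. When it is sourced
# as shell, the second assignment overwrites the first, so one value remains.
last_daemon_args() {
    defaults=$(mktemp) || return 1
    cat > "$defaults" <<'EOF'
DAEMON_ARGS="-conf=/home/sec/rules/rules_for_one.conf -input=/var/log/file_one.log -detach -syslog=daemon"
DAEMON_ARGS="-conf=/home/sec/rules/rules_for_two.conf -input=/var/log/file_two.log -detach -syslog=daemon"
EOF
    ( . "$defaults"; printf '%s\n' "$DAEMON_ARGS" )
    rm -f "$defaults"
}

# Hypothetical instance table: name, rule file, input file (no spaces in paths).
INSTANCES='one /home/sec/rules/rules_for_one.conf /var/log/file_one.log
two /home/sec/rules/rules_for_two.conf /var/log/file_two.log'
PIDDIR=/var/run   # assumed location for the per-instance pid files

# Build one sec command line per instance, each writing its own pid file.
sec_cmdlines() {
    printf '%s\n' "$INSTANCES" | while read -r name conf input; do
        [ -n "$name" ] || continue
        printf 'sec -conf=%s -input=%s -detach -syslog=daemon -pid=%s/sec-%s.pid\n' \
            "$conf" "$input" "$PIDDIR" "$name"
    done
}

# Run every generated command line; $cmd is split on whitespace on purpose.
start_all() {
    sec_cmdlines | while read -r cmd; do $cmd </dev/null; done
}

# Signal exactly the processes recorded in the pid files, then clean up.
stop_all() {
    for pidfile in "$PIDDIR"/sec-*.pid; do
        [ -f "$pidfile" ] || continue
        kill "$(cat "$pidfile")" && rm -f "$pidfile"
    done
}

case "${1:-}" in
    start) start_all ;;
    stop)  stop_all ;;
    show)  last_daemon_args; sec_cmdlines ;;
esac
```

Run with `show` to print the surviving `DAEMON_ARGS` value and the generated command lines without starting anything.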