Re: [Simple-evcorr-users] Assist with multiple files

Thu, 16 Oct 2014 08:42:33 -0700 

2014-10-16 18:31 GMT+03:00 James Lay <j...@slave-tothe-box.net>:

> Hey All,
>
> I'm wanting to branch out and start using SEC to monitor multiple
> files.  I've looked at:
>
> http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html
>
> and read through 3.3 Multiple Input Streams, but this looks like this
> happens at an event.  Is there a way I can pass multiple files to the
> --input option?  I'm currently running this like so:
>
> /usr/local/bin/sec --conf=/etc/sec.conf --input=/opt/var/log/myfile
> --tail --detach
>

yes, since some sec command line options can be given more than once,
including --input. For example, when you include

--input=/var/log/messages --input=/var/log/secure

in your command line, sec will monitor those two files simultaneously.
Apart from providing multiple --input options, you can also use wildcards
in file names which allow for matching several file names with one --input
statement, for example:

--input=/data/logs/db/*.log --input=/var/log/messages
--input=/var/log/secure

In addition to --input, you can also specify multiple --conf options in the
command line, in order to point sec to more than one rule file.

hope this helps,
risto


>
> Thanks for any help...still learning about this great application.
>
> James
>
>
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to