Hi all,
when I tried your action in my sec pair rule , I can get %time1 but can't
get %time2 ,
I got the error as follows:
Evaluating code 'my $str = "Wed Nov 26 2014 11:15:44 ";my
@months=('jan','feb','mar','apr','may','jun','jul','aug','sep','oct','nov','
dec');my ($day,$mon,$date,$year,$time) = split(' ',lc($str));my
%month_hash;@month_hash{@months} = (1 .. 12);return
"$year-$month_hash{$mon}-$date $time";' and setting variable '%time1'
Variable '%time1' set to '2014-11-26 11:15:44'
Evaluating code 'my $str = "Wed Nov 26 2014 11:15:46 ";my
@months=('jan','feb','mar','apr','may','jun','jul','aug','sep','oct','nov','
dec');my ($day,$mon,$date,$year,$time) = split(' ',lc($str));my
;@month_hash{@months} = (1 .. 12);return "$year-$month_hash{$mon}-$date
$time";' and setting variable '%time2'
Error evaluating code 'my $str = "Wed Nov 26 2014 11:15:46 ";my
@months=('jan','feb','mar','apr','may','jun','jul','aug','sep','oct','nov','
dec');my ($day,$mon,$date,$year,$time) = split(' ',lc($str));my
;@month_hash{@months} = (1 .. 12);return "$year-$month_hash{$mon}-$date
$time";': syntax error at (eval 10) line 1, at EOF
My sec pair rule:
type=Pair
ptype=RegExp
pattern=(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) CI-6500 Carrier Loss On The LAN
in (\S+) \(majorServiceAffecting\),ifIndex=(.+)
desc=TN-15600 Carrier Loss On The LAN in %7(%8)
action=eval %time1 ( my $str = "$1 $2 $3 $4 $5 ";\
my
@months=('jan','feb','mar','apr','may','jun','jul','aug','sep','oct','nov','
dec');\
my ($day,$mon,$date,$year,$time) = split(' ',lc($str));\
my %%month_hash;\
@month_hash{@months} = (1 .. 12);\
return "$year-$month_hash{$mon}-$date $time";)
ptype2=RegExp
pattern2=(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) CA-6500 Transport Layer Failure
in (\S+) \(majorServiceAffecting\),ifIndex=(.+)
desc2= HC-15600 Transport Layer Failure in $7($8)
action2=eval %time2 ( my $str = "$1 $2 $3 $4 $5 ";\
my
@months=('jan','feb','mar','apr','may','jun','jul','aug','sep','oct','nov','
dec');\
my ($day,$mon,$date,$year,$time) = split(' ',lc($str));\
my %%month_hash;\
@month_hash{@months} = (1 .. 12);\
return "$year-$month_hash{$mon}-$date $time";); write SEC_fifo
%time1,%time2, CI-6500,
CA-6500,%7,$7,%8,$8,carrierLossOnTheLAN,Critical,%6,transportLayerFailure,Ma
jor
window=10
Anyone knows what's wrong with my rule ? how to fix ?
Thanks ,
Andrew
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
