Hello- Ideally, at sec termination I would like a summary of how many times each rule was called. I'm mainly looking for dead/unused rules in my config.
I searched the mailing list for 'dead' and 'unused' and came up empty. Admittedly I have perused the intimidatingly long manpage but haven't read it front to back.

My config at this point is mostly a glorified "grep -v" [type=Suppress] with a simple catch-all write at the end of the rule chain. I've seen rule number mentioned in 'EVENT CORRELATION OPERATIONS' section of the manpage with respect to event correlation, but I'm not really using "type=SingleWithThreshold" nor am I quite sure if the rule number is a variable I can easily get to.

Any pointers on how best to achieve? The only thing that came to my mind [as of yet untried, because I'm hoping for something more elegant] would be for each rule to have an action that appends the current rule number to a file for me to process outside of sec.

-Michael

_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
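An added example, not part of the original post and not SEC's own code: because Suppress rules carry no action field, one way to tally matches per rule outside of SEC is to replay a log sample against the rule file offline. This goes beyond the per-rule action idea in the post. It assumes rules are numbered by position (1-based), evaluates only `ptype=RegExp`, uses Python's `re` as an approximation of Perl regexps, and treats every `continue` value other than `TakeNext` as stopping at the first match; the rule file, log lines and `/tmp/unmatched.log` path are constructed.

```python
import re

# Constructed sample rules (SEC key=value syntax) and log lines, not the poster's config.
SAMPLE_RULES = r"""
type=Suppress
ptype=RegExp
pattern=sshd\[\d+\]: Connection closed

type=Suppress
ptype=RegExp
pattern=ntpd\[\d+\]: synchronized

type=Single
ptype=RegExp
pattern=.
desc=catch-all
action=write /tmp/unmatched.log $0
"""
SAMPLE_LOG = [
    "Jan  1 00:00:01 host sshd[123]: Connection closed by 192.0.2.5",
    "Jan  1 00:02:00 host kernel: eth0 link down",
]

def parse_rules(text):
    """Each 'type=' line starts a new rule; rules are numbered by position (1-based)."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue  # blank line, comment, or a line without key=value
        if key.strip() == "type":
            rules.append({"num": len(rules) + 1})
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def matches(rule, line):
    # Only ptype=RegExp is evaluated; Python's re approximates SEC's Perl regexps.
    return rule.get("ptype") == "RegExp" and re.search(rule["pattern"], line) is not None

def count_hits(rules, lines):
    hits = {r["num"]: 0 for r in rules}
    for line in lines:
        for rule in rules:
            if matches(rule, line):
                hits[rule["num"]] += 1
                if rule.get("continue") != "TakeNext":
                    break  # first match consumes the line (default continue=DontCont)
    return hits
```

Rules whose count stays at 0 over a representative log sample are the candidates for removal; rules with other pattern types are never evaluated here and also show 0.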