I'm trying to do an alert when a device stops sending logs. This works well (all that's fed to sec is the hostname)
type=single ptype=regexp pattern=(\S+) context=[!SEC_INTERNAL_EVENT] desc=heartbeat_$1 action=create heartbeat_$1 240 (shellcmd /usr/local/bin/sec/notify.sh $1 '4 min') now I want to modify this so what if it doesn't start reporting again, I'll get another alert in 2 hours. so I try to do: type=single ptype=regexp pattern=(\S+) context=[!SEC_INTERNAL_EVENT] desc=heartbeat_$1 action=create heartbeat_$1 240 ( create heartbeat_$1 14400 \ (shellcmd /usr/local/bin/sec/notifiy.sh $1 '2+ hours' ); \ shellcmd /usr/local/bin/sec/notify.sh $1 '4 min') (wrapped to fit the e-mail) but after the first timeout expires, it doesn't recreate it with the longer timeout. Ideally, I'd like to have it continue to re-arm and fire every 2 hours, but until I can get the simple version working, trying to extend it beyond that isn't happening. David Lang ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
