On 6/23/2015 2:31 AM, Rajesh M wrote:
> Hi Risto,
>
> I am facing really huge stuck with the time window which ever I'm defined in
> my .conf file.
>
> I know this is because all my inputs are not real-time and static files.
>
> Is there any alternative or other method where I can achieve this time window
> matching
> wrt to the time stamps whichever I have with the input in SEC tool?
>
> i.e, 1st pattern match at X time, but my 2nd match rule is at Y time. [These
> two times
> are from non real log file input]
> But I am trying to implement the time window=Z to match my 2nd rule,
> i.e, X-Y=Z.
>
If I am reading this correctly, you are trying to simulate the inter-event
delay with
static data? Why not just feed the data in via a script that delays as needed
and use
stdin to SEC for testing? Your simulation script can be simple or complex as
needed.
Simple:
echo "event 1"
sleep 10
echo "event 2"
Less simple:
while (<>) {
if (/pattern/) {
sleep 10;
}
print;
}
Those are just off the top of my head, but hopefully that makes sense. There
are probably
more elegant solutions :).
Mark
--
Mark D. Nagel, CCIE #3177 Emeritus <mna...@willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 714-844-4698
** For faster support response time, please
** email supp...@willingminds.com or call 714-495-4000
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
