Hello Mark,

Thank you very much for your brilliant example. In fact I am planning to
implement with the same.

Here the thing is I have a main script (main.pl) which has my SEC running
in this script and takes the inputs and some time window...because my inputs
are not static.

I have all my .conf files in one CONFIGDB directory and I want my main
script to accept the inputs and time and match the inputs with all the
.conf files and print the matched .conf file name.

Please find the below:

main.pl:

command line ARGV[];

dir = /CONFIGDB

opendir(CONFIGDB)

while(file=read(dir))      //Reading conf files one by one if not matches my pattern.
{
  SEC_EXE=perl sec -conf=dir/file -input=ARGV[0] -input=ARGV[1] --notail

  print '$SEC_EXE';
}

Execution of main.pl:      perl main.pl /var/test/message /var/test/alarm 60 (in sec)

Below is my exp A.conf file:

type=SingleWithScript
ptype=RegExp
pattern=ALARM RAISE SP=70307.*Threshold=lnr
desc=$0
action=spawn exec /script/test/pattern.pl --input 60sec
// This action should spawn and exec the script which takes my main.pl command line
// ARGV[1] as input and 60 sec time. The matched output till 60sec should feed
// to SEC again for the rule2 matching.

type=Single
ptype2=RegExp
pattern2=^(\w{3}\s+\d{1,2}\s+[\d.:]+) .* logf\[\d+\]: logf started
desc2=pattern has matched with A.conf
action2=write - %s


My pattern.pl:

accept the ARGV[] from the A.conf and time.

while<>{
if(pattern matches)
$value= Time stamp of first matched event;
$New_value= value+time (60 secs)
}

print (logs from value to New_value);


I think it's a bit fuzzy and confusing, but I wish to implement a generic
thing on the non-real-time data.

Could you please help me in validating and with an implementation example for this?
I want to know whether SEC allows us to pass the ARGV[] in the spawn
action like the one I explained above.

Also, if my pattern.pl executes...how can I feed my new input to the SEC for
matching the Rule2? [Is SingleWithScript enough to do the pattern
match based on my pattern.pl output?]

Thanks in advance.

Regards,
Karthik

On Wed, Jun 24, 2015 at 2:03 AM, Mark D. Nagel <mna...@willingminds.com> wrote:

> On 6/23/2015 2:31 AM, Rajesh M wrote:
> > Hi Risto,
> >
> > I am facing really huge stuck with the time window which ever I'm defined in my .conf file.
> >
> > I know this is because all my inputs are not real-time and static files.
> >
> > Is there any alternative or other method where I can achieve this time window matching
> > wrt to the time stamps whichever I have with the input in SEC tool?
> >
> > i.e, 1st pattern match at X time, but my 2nd match rule is at Y time. [These two times
> > are from non real log file input]
> >      But I am trying to implement the time window=Z to match my 2nd rule, i.e, X-Y=Z.
> >
>
> If I am reading this correctly, you are trying to simulate the inter-event delay with
> static data?  Why not just feed the data in via a script that delays as needed and use
> stdin to SEC for testing?  Your simulation script can be simple or complex as needed.
>
> Simple:
>
> echo "event 1"
> sleep 10
> echo "event 2"
>
> Less simple:
>
> while (<>) {
>     if (/pattern/) {
>         sleep 10;
>     }
>     print;
> }
>
> Those are just off the top of my head, but hopefully that makes sense.  There are probably
> more elegant solutions :).
>
> Mark
>
> --
> Mark D. Nagel, CCIE #3177 Emeritus <mna...@willingminds.com>
> Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
> cell: 949-279-5817, desk: 714-495-4001, fax: 714-844-4698
>
> ** For faster support response time, please
> ** email supp...@willingminds.com or call 714-495-4000
>
>
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email & sms
> for fault. Monitor 25 devices for free with no restriction. Download now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
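
An added example, not part of the original thread or of SEC itself: a Perl replay script in the spirit of the "delay as needed" suggestion quoted above, which sleeps for the gap between consecutive log timestamps so that SEC time windows apply to a static file. It assumes syslog-style timestamps ("Jun 24 02:03:11") at the start of each line; the script name replay.pl and the --speed option are hypothetical.

```perl
#!/usr/bin/perl
# replay.pl (hypothetical name): print a static log to stdout, pausing between
# lines for as long as their timestamps are apart.
#
# Usage, with SEC reading standard input:
#   perl replay.pl --speed=10 /var/test/message | perl sec --conf=A.conf --input=-
use strict;
use warnings;
use Time::Local qw(timelocal);

$| = 1;    # unbuffered: SEC must see each line at the moment it is printed

my %MON = (Jan => 0, Feb => 1, Mar => 2, Apr => 3, May => 4,  Jun => 5,
           Jul => 6, Aug => 7, Sep => 8, Oct => 9, Nov => 10, Dec => 11);

# Optional speed-up factor: --speed=10 turns a 60 s gap into a 6 s sleep.
# SEC window= values must then be divided by the same factor.
my $speed = 1;
if (@ARGV && $ARGV[0] =~ /^--speed=(\d+(?:\.\d+)?)$/) {
    $speed = $1;
    shift @ARGV;
}
die "speed must be greater than zero\n" unless $speed > 0;

# Syslog timestamps carry no year; assume the current one.
my $year = (localtime)[5] + 1900;
my $prev;    # epoch time of the previous timestamped line

while (my $line = <>) {
    if ($line =~ /^(\w{3})\s+(\d{1,2})\s+(\d\d):(\d\d):(\d\d)/
        && exists $MON{$1}) {
        # timelocal dies on impossible dates; treat those lines as untimed.
        my $t = eval { timelocal($5, $4, $3, $2, $MON{$1}, $year) };
        if (defined $t) {
            # Sleep only for forward gaps; out-of-order lines pass at once.
            if (defined $prev && $t > $prev) {
                select(undef, undef, undef, ($t - $prev) / $speed);
            }
            $prev = $t;
        }
    }
    print $line;    # lines without a timestamp are passed through unchanged
}
```
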