Hi,

Thanks again for your response.

The first doubt i still can´t understand. I just solved adding a rule like
this and it starts processing.

type=Single
ptype=SubStr
pattern=SEC_STARTUP
context=SEC_INTERNAL_EVENT
desc=init Signal
action=create SIGNALSCONTEXT; event reloadSec;

Here is the output for the doubt 1 when the rule above is not added:

Mon Feb 12 10:24:11 2018: SEC (Simple Event Correlator) 2.6.2
Mon Feb 12 10:24:11 2018: Reading configuration from
c:\alerts\iniSignals.conf
Mon Feb 12 10:24:11 2018: Reading configuration from
c:\alerts\SecSignalsRules.conf
Mon Feb 12 10:24:11 2018: Reading configuration from c:\alerts\parser.conf
Mon Feb 12 10:24:11 2018: Reading configuration from
c:\alerts\conditions.conf
Mon Feb 12 10:24:11 2018: Reading configuration from
c:\alerts\alert001\Filter001.conf
Mon Feb 12 10:24:11 2018: Reading configuration from
c:\alerts\alert001\Alert001.conf

And here Stops till the hour is reached in calendar rule.

Rule calendar example:
type=Calendar
time= */5 * * * *
desc= $0
action= create SIGNALSCONTEXT; event reloadSec;

or

type=Calendar
time= 00 11 * * *
desc= $0
action= create SIGNALSCONTEXT; event reloadSec;

When calendar rule is reached it works as charm.

Doubt 2=> i had a typo on my -input option and it could not load it. It´s
solved.

Thank you. Regards.







2018-01-31 20:04 GMT+01:00 Risto Vaarandi <risto.vaara...@gmail.com>:

>
>
> 2018-01-31 16:13 GMT+02:00 Jaren Peich <burkol...@gmail.com>:
>
>> Hi,
>>
>> Thanks again for sharing your work, i was testing and studying a little
>> bit and firstly i could not use as it comes because in SEC 2.6.2 and
>> Strawberry Perl 5.14.3.1 are not supported. Then i rewrite the code a
>> little bit for using it . Commands such  "given" and "when" are not
>> included in this compilation, also i had to modify log level in
>> "fake_signal_handler" method and change " LOG_WITHOUT_LEVEL" and set up
>> " LOG_WARN". I did the following modifications to work:
>>
>>
>>
> ...
>
>
>>
>>
>> I load the files with a path regexp like this:
>>
>> C:\logs\*roduction\*\*.log
>>
>> And it generates paths like this:
>>
>> C:\logs\Production\Device1\log.log
>> C:\logs\production\Device3\log.log
>> C:\logs\Production\Device5\log.log
>> C:\logs\production\Device8\log.log
>>
>> and sec process.
>>
>> During the processing if i had new files in the input scope don´t read
>> it. Just read the first paths loaded.
>>
>> For example a file is added in the following path:
>>
>> C:\logs\production\Device9\log.log
>>
>> During the next reload system has to generate the following paths:
>>
>> C:\logs\Production\Device1\log.log
>> C:\logs\production\Device3\log.log
>> C:\logs\Production\Device5\log.log
>> C:\logs\production\Device8\log.log
>> C:\logs\production\Device9\log.log
>>
>> Sec and perl could not reach it and process the new file.
>>
>> C:\logs\production\Device9\log.log
>>
>> Which kind of signal i have to send? It´s a little bit confusing for me.
>>
>> I launch the process with the following options: --blocksize=1024
>> --bufsize=10 --cleantime=1 --debug=4 --nodetach --nofromstart
>> --nointcontexts --intevents --nokeepopen --log=E:\output.log --noquoting
>> --reopen_timeout=10 --tail
>>
>>
>>
> In the above list of command line options, there is no --input option
> specified. That would imply that sec is running without input sources,
> however, you have mentioned that you have specified input files with
> wildcards. How does the --input option look like in your actual command
> line? Also, the above list also lacks --conf options that specify rule
> files. Are you sure the rule files get actually loaded?
>
> But most importantly, what messages are appearing in the sec log
> (e:\output.log) when reloadSec event is generated?
>
> kind regards,
> risto
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to