Hello guys,

in fact, this question is about 2 independent things, but I see interesting
parallels to think about both topics together:

I know that it is possible to create SEC rule configurations
(correlators) to process:

- "multi-line" logs (meaning logs with a message separator other than "\n")

- multi-file logs (meaning monitoring all logfile paths matching a wildcard
pattern, all at the same time and equivalently)

by converting them to "regular" lines / files, and then processing as usual.

My question is whether you see how some of these things could be accomplished
in a more generic way, without special configurations of correlation rules.
It would be great to have SEC supporting such use cases "out of the box", e.g.
by:

- having a configurable line delimiter pattern (regular expression)

- accepting a wildcard pattern as the specification of the input log file, to
"monitor them all" (also dynamically adding newly created files matching the
wildcard and removing those that have disappeared)

I don't have a clue how hard the implementation of such things directly
in SEC would be (maybe a question for Risto?), or, if you also see other, more
straightforward solutions that don't bring more complexity to SEC rules,
I would be grateful if you shared your know-how.

Have a nice day.

Richard
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users