Hello list, I’m trying to get this rule working. The action works, but action2 does not. What am I missing?
type=PairWithWindow ptype=regexp pattern=host.(\S+)\s+subtype=\S+\smessage=.*User-ID-Agent\s+(\S+)\s(\S+): desc=(WARNING) $1 is $3 from $2 action=pipe 'sending' /etc/logzilla/scripts/sec.sh '%s' ptype2=regexp pattern2=host.(\S+)\s+subtype=\S+\smessage=.*User-ID-Agent\s+(\S+)\s(\S+): desc2=(NOTICE) You seeing this means, we have seen a recovery event. action2=pipe 'sending' /etc/logzilla/scripts/sec.sh 'recovered' window=5 Thanks, Tom Damon LogZilla
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
