simple-evcorr-users  

Messages by Thread

• • Re: [Simple-evcorr-users] how can I have something run once at startup? david
• [Simple-evcorr-users] correlate from a log or from a trap.. what's better? Bufalo
  • Re: [Simple-evcorr-users] correlate from a log or from a trap.. what's better? Risto Vaarandi
• [Simple-evcorr-users] Problem with too much files to be checked Gonzalo Rodrigo Sancho
  • Re: [Simple-evcorr-users] Problem with too much files to be checked Risto Vaarandi
  • Re: [Simple-evcorr-users] Problem with too much files to be checked Risto Vaarandi
• [Simple-evcorr-users] How To Implement Minimum Thresholds? Sven Leupold
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? Risto Vaarandi
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? Sven Leupold
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? Risto Vaarandi
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? Sven Leupold
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? John P. Rouillard
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? Sven Leupold
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? John P. Rouillard
  • Re: [Simple-evcorr-users] How To Implement Minimum Thresholds? Risto Vaarandi
• [Simple-evcorr-users] consulting/professional services david
  • Re: [Simple-evcorr-users] consulting/professional services Risto Vaarandi
• Re: [Simple-evcorr-users] embed a newline in action=pipe data (corrected) John P. Rouillard
  • Re: [Simple-evcorr-users] embed a newline in action=pipe data (corrected) Ronald San Juan
  • Re: [Simple-evcorr-users] embed a newline in action=pipe data (corrected) Risto Vaarandi
• [Simple-evcorr-users] action=write and dynamic filename Brian Landers
  • Re: [Simple-evcorr-users] action=write and dynamic filename John P. Rouillard
  • Re: [Simple-evcorr-users] action=write and dynamic filename Brian Landers
  • Re: [Simple-evcorr-users] action=write and dynamic filename Brian Landers
• [Simple-evcorr-users] embed a newline in action=pipe data Danielson, Graeme
  • Re: [Simple-evcorr-users] embed a newline in action=pipe data John P. Rouillard
• [Simple-evcorr-users] How to compare a numer in a pattern smartina
  • Re: [Simple-evcorr-users] How to compare a numer in a pattern John P. Rouillard
• [Simple-evcorr-users] [SEC.PL] Log rotation antonin mora
  • Re: [Simple-evcorr-users] [SEC.PL] Log rotation Risto Vaarandi
• [Simple-evcorr-users] can i let SEC monitor multiple log files? fedora fedora
  • Re: [Simple-evcorr-users] can i let SEC monitor multiple log files? Risto Vaarandi
  • Re: [Simple-evcorr-users] can i let SEC monitor multiple log files? fedora fedora
  • Re: [Simple-evcorr-users] can i let SEC monitor multiple log files? Risto Vaarandi
• [Simple-evcorr-users] -detach should allow specifying a directory John P. Rouillard
  • Re: [Simple-evcorr-users] -detach should allow specifying a directory Risto Vaarandi
• [Simple-evcorr-users] Naming variables in regexp patterns John P. Rouillard
• [Simple-evcorr-users] [SEC.PL] Using singleWithThreshold antonin mora
  • Re: [Simple-evcorr-users] [SEC.PL] Using singleWithThreshold John P. Rouillard
• [Simple-evcorr-users] [SEC.PL] Reading in an activeMQ file antonin mora
  • Re: [Simple-evcorr-users] [SEC.PL] Reading in an activeMQ file John P. Rouillard
• [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Risto Vaarandi
  • Re: [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Pierre Vigneras
  • Re: [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Risto Vaarandi
  • Re: [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Pierre Vigneras
  • Re: [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Peter Wolfenden
  • Re: [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Risto Vaarandi
  • Re: [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Risto Vaarandi
  • Re: [Simple-evcorr-users] Fw: Complex rule ? Any idea ? Pierre Vigneras
• [Simple-evcorr-users] feature request. Tim Peiffer
• [Simple-evcorr-users] Using SEC to report on itself? Tim Peiffer
• [Simple-evcorr-users] [SEC] crashes with SingleWithThreshold rule antonin mora
  • Re: [Simple-evcorr-users] [SEC] crashes with SingleWithThreshold rule Risto Vaarandi
  • Re: [Simple-evcorr-users] [SEC] crashes with SingleWithThreshold rule John P. Rouillard
  • Re: [Simple-evcorr-users] [SEC] crashes with SingleWithThreshold rule antonin mora
• [Simple-evcorr-users] Working examples mouse
  • Re: [Simple-evcorr-users] Working examples Thomas Wollner
• [Simple-evcorr-users] help Cedrick Kim
  • Re: [Simple-evcorr-users] help John P. Rouillard
  • Re: [Simple-evcorr-users] help Risto Vaarandi
  • Re: [Simple-evcorr-users] help Cedrick Kim
  • Re: [Simple-evcorr-users] help Alberto Losada
  • [Simple-evcorr-users] Help Joanna Christou
  • Re: [Simple-evcorr-users] Help Risto Vaarandi
  • Re: [Simple-evcorr-users] Help Risto Vaarandi
  • [Simple-evcorr-users] help Graeme Danielson
  • Re: [Simple-evcorr-users] help Risto Vaarandi
• [Simple-evcorr-users] SEC-2.5.3 released Risto Vaarandi
• [Simple-evcorr-users] Scheduling context creation? Tim Peiffer
  • Re: [Simple-evcorr-users] Scheduling context creation? Risto Vaarandi
  • Re: [Simple-evcorr-users] Scheduling context creation? Risto Vaarandi
  • Re: [Simple-evcorr-users] Scheduling context creation? Tim Peiffer
  • Re: [Simple-evcorr-users] Scheduling context creation? John P. Rouillard
  • Re: [Simple-evcorr-users] Scheduling context creation? Risto Vaarandi
• [Simple-evcorr-users] [Bug if action is not knowned] antonin mora
  • Re: [Simple-evcorr-users] [Bug if action is not knowned] Risto Vaarandi
  • Re: [Simple-evcorr-users] [Bug if action is not knowned] antonin mora
• [Simple-evcorr-users] [SEC.PL] Context limitation antonin mora
  • Re: [Simple-evcorr-users] [SEC.PL] Context limitation Risto Vaarandi
• Re: [Simple-evcorr-users] SEC: limited number of characters in input stream? Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC: limited number of characters in input stream? Schmid, Christof
  • Re: [Simple-evcorr-users] SEC: limited number of characters in input stream? Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC: limited number of characters in input stream? Schmid, Christof
  • Re: [Simple-evcorr-users] SEC: limited number of characters in input stream? Risto Vaarandi
  • [Simple-evcorr-users] SEC: documentation about state-awareness after reloading ist configuration file? Schmid, Christof
  • Re: [Simple-evcorr-users] SEC: documentation about state-awareness after reloading ist configuration file? Risto Vaarandi
  • Re: [Simple-evcorr-users] SEC: documentation about state-awareness after reloading ist configuration file? Schmid, Christof
  • Re: [Simple-evcorr-users] SEC: documentation about state-awareness after reloading ist configuration file? John P. Rouillard
• [Simple-evcorr-users] Correlation rules based on time and paired events Smolecki, Art (OET)
  • Re: [Simple-evcorr-users] Correlation rules based on time and paired events John P. Rouillard
  • Re: [Simple-evcorr-users] Correlation rules based on time and paired events Smolecki, Art (OET)
• [Simple-evcorr-users] get value in a context antonin mora
  • Re: [Simple-evcorr-users] get value in a context John P. Rouillard
  • Re: [Simple-evcorr-users] get value in a context antonin mora
• [Simple-evcorr-users] issues with the SEC mirror site at Estonian Telecom Risto Vaarandi
• [Simple-evcorr-users] How best to handle dates in input file names Mike Rykowski
  • Re: [Simple-evcorr-users] How best to handle dates in input file names John P. Rouillard
  • Re: [Simple-evcorr-users] How best to handle dates in input file names Mikel Altuna
  • Re: [Simple-evcorr-users] How best to handle dates in input file names Mike Rykowski
  • Re: [Simple-evcorr-users] How best to handle dates in input file names Risto Vaarandi
• [Simple-evcorr-users] how can you put a newline in a context body? david
  • Re: [Simple-evcorr-users] how can you put a newline in a context body? John P. Rouillard
  • Re: [Simple-evcorr-users] how can you put a newline in a context body? david
  • Re: [Simple-evcorr-users] how can you put a newline in a context body? John P. Rouillard
  • Re: [Simple-evcorr-users] how can you put a newline in a context body? Risto Vaarandi
  • Re: [Simple-evcorr-users] how can you put a newline in a context body? Garret Heaton
  • Re: [Simple-evcorr-users] how can you put a newline in a context body? Garret Heaton
• [Simple-evcorr-users] every N minute calendar actions Joe Prosser
  • Re: [Simple-evcorr-users] every N minute calendar actions Risto Vaarandi
  • Re: [Simple-evcorr-users] every N minute calendar actions Risto Vaarandi
• [Simple-evcorr-users] Anybody going to LISA 09? John P. Rouillard
• [Simple-evcorr-users] SEC not reading lines over 1024 in length Ronald San Juan
  • Re: [Simple-evcorr-users] SEC not reading lines over 1024 in length Clayton Dukes
  • Re: [Simple-evcorr-users] SEC not reading lines over 1024 in length John P. Rouillard
  • Re: [Simple-evcorr-users] SEC not reading lines over 1024 in length david
  • Re: [Simple-evcorr-users] SEC not reading lines over 1024 in length John P. Rouillard
  • Re: [Simple-evcorr-users] SEC not reading lines over 1024 in length Ronald San Juan
  • Re: [Simple-evcorr-users] SEC not reading lines over 1024 in length Ronald San Juan
  • Re: [Simple-evcorr-users] SEC not reading lines over 1024 in length Risto Vaarandi
• [Simple-evcorr-users] Condensing syslog events J Carvalho
  • Re: [Simple-evcorr-users] Condensing syslog events John P. Rouillard
  • Re: [Simple-evcorr-users] Condensing syslog events Clayton Dukes
  • Re: [Simple-evcorr-users] Condensing syslog events John P. Rouillard
  • Re: [Simple-evcorr-users] Condensing syslog events Clayton Dukes
  • Re: [Simple-evcorr-users] Condensing syslog events david
  • Re: [Simple-evcorr-users] Condensing syslog events John P. Rouillard
  • Re: [Simple-evcorr-users] Condensing syslog events david
  • Re: [Simple-evcorr-users] Condensing syslog events J Carvalho
  • Re: [Simple-evcorr-users] Condensing syslog events J Carvalho
  • Re: [Simple-evcorr-users] Condensing syslog events Clayton Dukes
  • Re: [Simple-evcorr-users] Condensing syslog events J Carvalho
  • Re: [Simple-evcorr-users] Condensing syslog events Clayton Dukes
  • Re: [Simple-evcorr-users] Condensing syslog events david
• [Simple-evcorr-users] context= =( abs(%u - $3) > 450 ) Doesn't work. Shouldn't it? Joe Prosser
  • Re: [Simple-evcorr-users] context= =( abs(%u - $3) > 450 ) Doesn't work. Shouldn't it? John P. Rouillard
• [Simple-evcorr-users] Sudo questions Jeff Schroeder
• [Simple-evcorr-users] Problem using SingleWithThreshold Jeff Schroeder
  • Re: [Simple-evcorr-users] Problem using SingleWithThreshold Risto Vaarandi
  • Re: [Simple-evcorr-users] Problem using SingleWithThreshold Jeff Schroeder
  • Re: [Simple-evcorr-users] Problem using SingleWithThreshold Risto Vaarandi
  • Re: [Simple-evcorr-users] Problem using SingleWithThreshold Jeff Schroeder
• [Simple-evcorr-users] Accessing the age of a context Joe Prosser
  • Re: [Simple-evcorr-users] Accessing the age of a context Joe Prosser
  • Re: [Simple-evcorr-users] Accessing the age of a context Risto Vaarandi
• [Simple-evcorr-users] SEC mailing list has a search option Risto Vaarandi
• [Simple-evcorr-users] SimpleWithSupress Roger Warner
  • Re: [Simple-evcorr-users] SimpleWithSupress Risto Vaarandi
• [Simple-evcorr-users] introducing licensing for rulesets Risto Vaarandi
• [Simple-evcorr-users] How to report yourself John P. Rouillard
  • Re: [Simple-evcorr-users] How to report yourself Risto Vaarandi
  • [Simple-evcorr-users] Poll: a change in the 'set' action semantics Risto Vaarandi
• [Simple-evcorr-users] Invalid SEC context doesn't raise an error John P. Rouillard
  • Re: [Simple-evcorr-users] Invalid SEC context doesn't raise an error Risto Vaarandi
  • Re: [Simple-evcorr-users] Invalid SEC context doesn't raise an error John P. Rouillard
  • Re: [Simple-evcorr-users] Invalid SEC context doesn't raise an error Risto Vaarandi
  • Re: [Simple-evcorr-users] Invalid SEC context doesn't raise an error John P. Rouillard
  • Re: [Simple-evcorr-users] Invalid SEC context doesn't raise an error Mills, Rocky
• [Simple-evcorr-users] Correlation of TCP events in virtual interfaces? J Carvalho
  • Re: [Simple-evcorr-users] Correlation of TCP events in virtual interfaces? John P. Rouillard
  • Re: [Simple-evcorr-users] Correlation of TCP events in virtual interfaces? J Carvalho
• [Simple-evcorr-users] Problem with subpattern variable w/ wierd value John P. Rouillard
  • Re: [Simple-evcorr-users] Problem with subpattern variable w/ wierd value Risto Vaarandi
  • Re: [Simple-evcorr-users] Problem with subpattern variable w/ wierd value John P. Rouillard
• [Simple-evcorr-users] Count and report suppressed events Thomas Wollner
  • Re: [Simple-evcorr-users] Count and report suppressed events Risto Vaarandi
• [Simple-evcorr-users] _INTERNAL_EVENT not being set when processing 'event' action event John P. Rouillard
  • Re: [Simple-evcorr-users] _INTERNAL_EVENT not being set when processing 'event' action event Risto Vaarandi
  • Re: [Simple-evcorr-users] _INTERNAL_EVENT not being set when processing 'event' action event John P. Rouillard
  • Re: [Simple-evcorr-users] _INTERNAL_EVENT not being set when processing 'event' action event Risto Vaarandi
• [Simple-evcorr-users] SEC-2.5.2 released Risto Vaarandi
• [Simple-evcorr-users] How to stop sec from syslog-ng Clayton Dukes
• [Simple-evcorr-users] Suppress rule documentation 686f6c6d
  • Re: [Simple-evcorr-users] Suppress rule documentation 686f6c6d
  • Re: [Simple-evcorr-users] Suppress rule documentation Risto Vaarandi
  • Re: [Simple-evcorr-users] Suppress rule documentation John P. Rouillard
  • Re: [Simple-evcorr-users] Suppress rule documentation 686f6c6d
  • Re: [Simple-evcorr-users] Suppress rule documentation 686f6c6d
  • Re: [Simple-evcorr-users] Suppress rule documentation John P. Rouillard
  • Re: [Simple-evcorr-users] Suppress rule documentation Patrick Morris
• [Simple-evcorr-users] Multiple processes Clayton Dukes
  • Re: [Simple-evcorr-users] Multiple processes Risto Vaarandi
  • Re: [Simple-evcorr-users] Multiple processes John P. Rouillard
  • Re: [Simple-evcorr-users] Multiple processes Clayton Dukes
  • Re: [Simple-evcorr-users] Multiple processes John P. Rouillard
  • Re: [Simple-evcorr-users] Multiple processes Risto Vaarandi
  • Re: [Simple-evcorr-users] Multiple processes John P. Rouillard
  • Re: [Simple-evcorr-users] Multiple processes Clayton Dukes
• [Simple-evcorr-users] email messages as an input? Don Faulkner
  • Re: [Simple-evcorr-users] email messages as an input? Don Faulkner
  • Re: [Simple-evcorr-users] email messages as an input? John P. Rouillard
• [Simple-evcorr-users] Trigger on log file time stamp Hayward, Ben
  • Re: [Simple-evcorr-users] Trigger on log file time stamp John P. Rouillard
  • Re: [Simple-evcorr-users] Trigger on log file time stamp Hayward, Ben
  • Re: [Simple-evcorr-users] Trigger on log file time stamp Risto Vaarandi
• [Simple-evcorr-users] Thresh options Alberto Losada
  • Re: [Simple-evcorr-users] Thresh options Risto Vaarandi
• [Simple-evcorr-users] SEC for use with monitoring Uwe.Rieke
  • Re: [Simple-evcorr-users] SEC for use with monitoring Risto Vaarandi
• [Simple-evcorr-users] SEC and untrusted log content David Reiss
  • Re: [Simple-evcorr-users] SEC and untrusted log content John P. Rouillard

• Earlier messages
• Later messages