Re: [Simple-evcorr-users] executing multiple actions
hi Stuart, I just saw a post with almost the same question as the previous one (perhaps it was posted before my answer reached your mailbox), and my apologies if information in this email is redundant. > > Correction -- this also produces the same error > > But this does not: > # - Radius Auth Failure - > # > type=SingleWithSuppress > ptype=regexp > pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against > (.*?) failed > desc=$3 Radius auth request failed > action=write /home/tocops/.tocpipe ops $1 Radius on $3 failed; > action=shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk In the above line, the 'action' keyword appears twice, and that's the reason for the syntax error. For fixing the problem, the 'action' keyword in front of the second action (shellcmd) should be removed, and the line should be rewritten as: action=write /home/tocops/.tocpipe ops $1 Radius on $3 failed; shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk > window=60 > > --sk > kind regards, risto ___ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
Re: [Simple-evcorr-users] executing multiple actions
hi Stuart, if you want to specify multiple actions for the 'action' field of the rule, semicolon should indeed be used as a separator. However, the 'action' keyword with an equal sign should appear just once in the beginning of the rule field definition. Therefore, the example rule from your post would need one small modification: type=SingleWithSuppress ptype=regexp pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against (.*?) failed desc=$3 Radius auth request failed action=write /home/tocops/.tocpipe ops $1 Radius on $3 failedwindow=5; shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk window=60 hope this helps, risto Kontakt Stuart Kendrick () kirjutas kuupäeval K, 17. märts 2021 kell 00:48: > > I am struggling to execute multiple actions. I don't see mention of how to > execute multiple actions in the sec man page > http://simple-evcorr.github.io/man.html ... but from this page: > http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html > I believed that separating actions with semi-colons would be sufficient > > > But perhaps not > > > This works: > # - Radius Auth Failure - > # > type=SingleWithSuppress > ptype=regexp > pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against > (.*?) failed > desc=$3 Radius auth request failed > action=shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk > window=60 > > As does this: > # - Radius Auth Failure - > # > type=SingleWithSuppress > ptype=regexp > pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against > (.*?) failed > desc=$3 Radius auth request failed > action=write /home/tocops/.tocpipe ops $1 Radius on $3 failedwindow=5 > window=60 > > But this does not: > # - Radius Auth Failure - > # > type=SingleWithSuppress > ptype=regexp > pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against > (.*?) failed > desc=$3 Radius auth request failed > action=write /home/tocops/.tocpipe ops $1 Radius on $3 failedwindow=5; > action=shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk > window=60 > > > 2021-03-16T15:09:56.146094-07:00 vishnu sec[7941]: Reading configuration from > /opt/local/etc/sec/service.conf > 2021-03-16T15:09:56.146198-07:00 vishnu sec[7941]: Rule in > /opt/local/etc/sec/service.conf at line 8: Invalid action 'action=shellcmd > /opt/local/script/send-sms -m %s -s sec -r stuartk' > 2021-03-16T15:09:56.146289-07:00 vishnu sec[7941]: Rule in > /opt/local/etc/sec/service.conf at line 8: Invalid action list ' write > /home/tocops/.tocpipe ops $1 Radius on $3 failedwindow=5; action=shellcmd > /opt/local/script/send-sms -m %s -s sec -r stuartk ' > 2021-03-16T15:09:56.146363-07:00 vishnu sec[7941]: No valid rules found in > configuration file /opt/local/etc/sec/service.conf > > Is executing multiple actions supported? If so, do I need more than a > semi-colon in terms of syntax? > > --sk > > Stuart Kendrick > Allen Institute > > > ___ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users ___ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
[Simple-evcorr-users] executing multiple actions
I am struggling to execute multiple actions. I don't see mention of how to execute multiple actions in the sec man page http://simple-evcorr.github.io/man.html ... but from this page: http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html I believed that separating actions with semi-colons would be sufficient But perhaps not This works: # - Radius Auth Failure - # type=SingleWithSuppress ptype=regexp pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against (.*?) failed desc=$3 Radius auth request failed action=shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk window=60 As does this: # - Radius Auth Failure - # type=SingleWithSuppress ptype=regexp pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against (.*?) failed desc=$3 Radius auth request failed action=write /home/tocops/.tocpipe ops $1 Radius on $3 failedwindow=5 window=60 But this does not: # - Radius Auth Failure - # type=SingleWithSuppress ptype=regexp pattern=T(\d\d:\d\d:\d\d).*? (.*?) poll-radius.*?Radius auth request against (.*?) failed desc=$3 Radius auth request failed action=write /home/tocops/.tocpipe ops $1 Radius on $3 failedwindow=5; action=shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk window=60 2021-03-16T15:09:56.146094-07:00 vishnu sec[7941]: Reading configuration from /opt/local/etc/sec/service.conf 2021-03-16T15:09:56.146198-07:00 vishnu sec[7941]: Rule in /opt/local/etc/sec/service.conf at line 8: Invalid action 'action=shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk' 2021-03-16T15:09:56.146289-07:00 vishnu sec[7941]: Rule in /opt/local/etc/sec/service.conf at line 8: Invalid action list ' write /home/tocops/.tocpipe ops $1 Radius on $3 failedwindow=5; action=shellcmd /opt/local/script/send-sms -m %s -s sec -r stuartk ' 2021-03-16T15:09:56.146363-07:00 vishnu sec[7941]: No valid rules found in configuration file /opt/local/etc/sec/service.conf Is executing multiple actions supported? If so, do I need more than a semi-colon in terms of syntax? --sk Stuart Kendrick Allen Institute ___ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
