hi John,
Hi Risto:
>
> ...
>
>
>
> >However, if you would like to suppress the output message that is generated
> >on 3rd input event and rather generate an output message "Events A , B and
> >C observed for IP 1.1.1.1" on 5th input event, it is not possible to
> >achieve that goal with
Hi Risto:
In message
,
Risto Vaarandi writes:
>hi Agustin,
>> Hi Risto,
>>
>> Thank you very much for your help.
>> I have another question related to this problem.
>>
>> Suppose we have the next entry in less than 60 seconds:
>> EVENT_TYPE_A 1.1.1.1 <--- the beginning of input for SEC
>>
>
>
> However, if you would like to suppress the output message that is
> generated on 3rd input event and rather generate an output message "Events
> A , B and C observed for IP 1.1.1.1" on 5th input event, it is not possible
> to achieve that goal with EventGroup (or any other) rules, since
hi Agustin,
> Hi Risto,
>
> Thank you very much for your help.
> I have another question related to this problem.
>
> Suppose we have the next entry in less than 60 seconds:
> EVENT_TYPE_A 1.1.1.1 <--- the beginning of input for SEC
> EVENT_TYPE_A 2.2.2.2
> EVENT_TYPE_B 1.1.1.1
>
Hi Risto,
Thank you very much for your help.
I have another question related to this problem.
Suppose we have the next entry in less than 60 seconds:
EVENT_TYPE_A 1.1.1.1 <--- the beginning of input for SEC
EVENT_TYPE_A 2.2.2.2
EVENT_TYPE_B 1.1.1.1
EVENT_TYPE_B 2.2.2.2
EVENT_TYPE_C 1.1.1.1
Hello friends,
I am thinking about how to monitor not only events from log files, but also
those files' existence and accessibility (for the user running SEC) - in cases
where this is considered to be a problem.
As I saw in the past, these were logged into SEC log file, but higher debug
level was