No problem.
Happens quite frequently actually.
Thanks Jim!
;-)
From: John P. Rouillard [mailto:rou...@cs.umb.edu]
Sent: Tue 6/8/2010 9:51 AM
Cc: simple-evcorr-users@lists.sourceforge.net
Subject: Re: [Simple-evcorr-users] SEC - programmed ignore
Hi
[ Long read below. I don't mean to hijack Hari's thread. Please reply with
Subject: SEC DB or something similar if you are replying to this thread.]
Hi Hari,
I'm having this exact problem, though only with a couple of hundred SEC rules,
not thousands.
I'm even convinced that the problem
Hi Honia,
I took a look at your setup and made the following changes for testing:
type=Single
ptype=RegExp
pattern=\[\d{4}(-\d\d){2}
(\d\d:){2}\d\d\].\s*Notification:\sseverity\s*=\s*([^,]*),\s*message\s=.\s*(\S+)\|(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\|(CONFIG)
desc=$0
action=write - OKOKOKOK:
Hello Hans-Joerg,
Thanks for the compliment on the documentation. Unfortunately,
sixshooter.v6.thrupoint.net is down at the moment, as the location housing it
is shutting down. I've located a new facility and should have it back online
within the next few days.
My apologies to the list.
Hi Tim,
You might want to consider that every event adds an entry
into all three hashes, and these are kept in the same process
space as SEC itself. With a large number of events (many thousands
or hundreds of thousands as in a Denial of Service attack), you may
run out of process memory or