In message <[EMAIL PROTECTED]>,
"Jon Salud" writes:
>The following rule doesn't seem to be read according to /tmp/sec.dump
>
>type = Single
>desc = context $1 $2
>ptype = PerlFunc
>pattern = sub { if ($_[0] =~ /^(\S+) \S+ (\S+)/) { return ($1, $2, $_[1]); } return 0; }
>context = !good_ip_$1 && (bad_ip_$1 || bad_string_$2)
>action = shellcmd ./notify.ksh "%t|$3|$2|$1|$0"
>
>I populate all the good_ip_xxx, bad_ip_xxx, bad_string_xxx contexts at the
>beginning, but this rule doesn't seem to work when I try and test it. When
>I remove the parentheses from the 'context' line it somewhat works, but
>doesn't behave the way I intend it to. Any thoughts?

What does your input line look like?
Does the rule fire without any context statement?
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users