Hi, I'm using Sec in conjunction with my logserver. Over the last couple of years I've used a couple of different methods of alerting, one of which allowed me to filter by facility and priority such that anything that was marked as a facility of auth with a priority of warning or greater was sent to me.
I'd like to implement something similar with sec (in addition to a tonne of rules as a catchall) and was thinking of doing the maths on the Syslog codes for this, except then I noticed that the alerts I currently get from Sec don't show the syslog codes (<xx>) at the beginning of each log.

My older methods of alerting used to be passed these codes at the beginning of every log (which I then stripped out in code) so I know that the logserver must be passing them to sec, but I'm not sure if I can use them with sec seeing as I've done nothing to filter them and yet sec doesn't show them in alerts and reports when working with $0.

I've had a browse back through the archives for a couple of years but didn't see anything on this. Technically you're not matching patterns as much as matching syslog facilities and priorities, but these in fact come out to a prefix which you can pattern match.

Can anyone offer any feedback on filtering by specific facility and priority combinations in sec?

-h

--
Hari Sekhon
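The "maths on the Syslog codes" mentioned in the message, as an added example that is not part of the original post: the `<PRI>` value is facility × 8 + severity, so "auth at warning or greater" reduces to a fixed set of prefixes. The function names and sample lines are constructed for illustration, and the code assumes the lines still carry their `<PRI>` prefix when they reach the matcher.

```python
import re

# Facility and severity numbering from the syslog protocol (RFC 3164 / RFC 5424).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) numbers from a leading <PRI>, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23*8+7 is the largest valid PRI
        return None
    return pri >> 3, pri & 7

def pri_values(facility, min_severity):
    """PRI codes for one facility at min_severity or more severe (lower number)."""
    base = FACILITIES[facility] * 8
    return [base + s for s in range(SEVERITIES[min_severity] + 1)]

def prefix_pattern(facility, min_severity):
    """Regex matching only lines whose <PRI> prefix is in the wanted set."""
    alts = "|".join(str(p) for p in pri_values(facility, min_severity))
    return re.compile(r"^<(?:%s)>" % alts)

# Constructed sample lines, not taken from any real log.
SAMPLE = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1 on /dev/pts/8",
    "<36>Oct 11 22:14:16 host1 sshd[411]: constructed warning message",
    "<38>Oct 11 22:14:17 host1 sshd[411]: constructed info message",
    "<86>Oct 11 22:14:18 host1 sshd[411]: constructed authpriv info message",
    "Oct 11 22:14:19 host1 sshd[411]: line with the PRI already stripped",
]

def matching(lines, facility="auth", min_severity="warning"):
    """Lines whose <PRI> prefix falls in the facility/severity set."""
    pat = prefix_pattern(facility, min_severity)
    return [l for l in lines if pat.match(l)]

if __name__ == "__main__":
    for l in matching(SAMPLE):
        print(decode_pri(l), l)
```

A line whose prefix has already been stripped, like the last sample, can never match, so the prefix has to survive up to the point where the pattern is applied.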
