I have a need to augment log information with something useful. The problem is that I don't know how to feed the results back into the log stream.
Consider the log entry "Peer 1.2.3.4 down". I want to dereference the value 1.2.3.4 into foo.bar.com. Do I do this as a Single and then create a new event?

type=Single
ptype=regex
pattern=Peer (\S+) down
desc=My peer at $1 went down
action=shellcmd /usr/bin/host $1 ; create 60 .... ?

I wish to create a new event:

My peer foo.bar.com (1.2.3.4) is down

Please advise on how best to handle the lookaside and augmentation. I am confused by the sec.pl man for action= and script= configuration items.

Regards,
Tim Peiffer
Network Operations Engineer
Office of Information Technology/NTS
University of Minnesota/NorthernLights GigaPOP

_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
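
One way to do the lookup described in the message above, as an added example that is not part of the original post or of SEC itself: a small helper whose stdout SEC's spawn action reads back as new input events. The helper path, the function names and the narrowed pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical helper, e.g. installed
# as /usr/local/bin/peer-augment.sh and called from a SEC rule like:
#   pattern=Peer (\d{1,3}(?:\.\d{1,3}){3}) down
#   action=spawn /usr/local/bin/peer-augment.sh $1
# spawn feeds each stdout line of the command back to SEC as an input event.
# The original pattern's \S+ would let any non-whitespace text from the log
# reach the shell command line, so the rule is narrowed and the helper re-checks.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# PTR lookup with host(1); prints the name without its trailing dot, or nothing.
resolve_ptr() {
    host "$1" 2>/dev/null |
        sed -n 's/.* domain name pointer \(.*\)\.$/\1/p' | head -n 1
}

# Prints the augmented event on stdout; rejections go to stderr only, so
# unvalidated text is never fed back into the event stream.
augment_peer_down() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "peer-augment: rejected non-IPv4 argument" >&2
        return 1
    fi
    # PTR data is controlled by whoever runs the reverse zone: keep only
    # hostname characters before putting it into a new event.
    name=$(resolve_ptr "$ip" | tr -cd 'A-Za-z0-9._-')
    if [ -n "$name" ]; then
        echo "My peer $name ($ip) is down"
    else
        echo "My peer $ip is down"
    fi
}

if [ "$#" -gt 0 ]; then augment_peer_down "$1"; fi
```

The generated line starts with "My peer" and ends with "is down", so it does not match the "Peer ... down" pattern again and cannot trigger a lookup loop.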
