Thank you for you reply.
On Thu, Feb 26, 2009 at 6:04 PM, John P. Rouillard <[email protected]>wrote:
>
> Are you tailing /var/log/secure into /tmp/sec, or are you echoing
> lines that look like /var/log/secure into /tmp/sec?
Before I received your reply, I was copying and pasting the log line into a
command like this:
'echo "<log data>" > /tmp/sec'; but since I've tried doing 'tail -f
/var/log/secure > /tmp/sec' and
am receiving the same results. The test event ( I am generating this event
myself by failing a
SSH login repeatedly ) is triggered by /tmp/sec, but not by /var/log/secure.
> What does a state dump (send kill -USR1 to the sec process) show for
> the lines in the buffer?
>
When I try this with '-input /var/log/secure' only, the 'last 10 input
lines' in sec.dump do not include the lines in question. It is as though
they aren't in the log.
When I try this while including '-input /tmp/sec' and 'tail -f
/var/log/secure > /tmpsec', I see the lines in question appear in the 'last
10 input lines' in sec.dump.
Any ideas on this?
>
> where ^H is backspace I don't think matches. Rather than \w+ maybe
> [^\s]+ (i.e. match a sequence on non-space) may change things?
>
Thanks for the tip. Although this is does not appear to be the issue now, I
have applied the change as it will most likely come in handy later.
Thanks again.
- Michael A.
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
