I want to implement a rule that looks something like this... pattern=invalid data (.*) at context (.*) action=shellcmd /path/to/report.sh "invalid data" '$1' '$2'
However, the data and context are not internally controlled, so they could possibly contain shell metacharacters. For example, if a log message is invalid data '`touch /root/attack`' at context foo then the shell command will execute the command 'touch /root/attack'. It seems like the -quoting option only affects the rule description. I was not able to find any way to ensure that $-substitutions in the shellcmd are properly quoted? --David ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
