Hi,

When I receive an alert, I would like to write to a log file:
- OK the first time I reach the threshold during the window time
- NOK other times

My rules look like:

type=SingleWithThreshold
continue=TakeNext
ptype=regexp
pattern=.*
desc=FREQUENCY
action=write output.txt "OK";\
create downContextFrequency;
window=30
thresh=3

type=Single
continue=TakeNext
ptype=regexp
pattern=.*
context=!downContextFrequency
desc=FREQUENCY
action=write output.txt "NOK";

type=Single
continue=TakeNext
ptype=regexp
pattern=.*
context=downContextFrequency
desc=FREQUENCY
action=delete downContextFrequency

It works, but do you have any other/better ideas to do that (with
fewer than three rules)?

I tried to use the parameter continue="Goto x", but with the rule
SingleWithThreshold, goto is used each time the pattern matches (and not
when the threshold is reached).

Best regards,
Antonin.