Hi, i just want to integrate a SingleWithThreshold rule that works like this:
i receive a trap to /var/log/snmptt/snmpttunknown.log. The first trap's line in the log contains this: Fri May 21 11:44:16 2010: Unknown trap (OID) received from 10.15.112.38 at: where OID is a variable large number. Then i call this rule: #Don't show alert until it repeats 5 times in 1 minute type=SingleWithThreshold ptype=RegExp pattern=Unknown trap (\S+) desc=Mensaje de $1 action=shellcmd /home/javier/msg.sh --> this script is: #!/bin/sh (next line) echo umbral superado >> traps.log window=60 thresh=5 in this way: perl sec.pl -conf=my2.conf -syslog=/var/log/snmptt/snmptthandler.debug But it doesn´t writes nothing in traps.log. So, anyone knows what am i doing surely wrong? thanks
------------------------------------------------------------------------------
_______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
