Hi, i use snmptt to trap handle. Some of the traps that i receive, correlate and process with SEC with an determinate OID, i apply them a 'SingleWithSuppress' rule and it seems to work fine. But i need to trap back to snmptt to show the last coincidance later and i don´t know how to do it although i´ve seen that part in this link: http://snmptt.sourceforge.net/docs/snmptt.shtml#SEC
That´s how o got it: perl sec.pl -conf=my2.conf -input=/var/log/snmptt/snmptt.log my.conf: #Show the same alert only one time in 5 minutes type=SingleWithSuppress ptype=RegExp pattern=<OID_x> desc=servicio action=shellcmd /home/javier/msg.sh <- Only writes a log window=300 snmptt.conf: ... EVENT <TRAP TYPE> <OID_x> "Status Events" Normal EXEC tail -1 /var/log/snmptt/snmptt.log | grep <OID_x> >> /var/log/snmptt/snmptt.sec.log FORMAT .... snmptt.conf.sec: ... EVENT <TRAP TYPE> <OID_x> "Status Events" Normal EXEC tail -1 /var/log/snmptt/snmptt.log | grep <OID_x> >> /var/log/snmptt/snmptt.sec.log FORMAT .... And that´s the point where i find myself... a little bit lost. Any advice changing or modifying any data of here, will be very appreciated. Thanks!!
------------------------------------------------------------------------------
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
