Hello, forgive me if this is a dumb question. I set up SEC because I want to get a notification when a line matching "foo" appears in the log and is not followed by a line matching "bar". I set up the config like so:
type=PairWithWindow ptype=SubStr pattern=foo desc=Foo without bar action=pipe '%s' /bin/mail [email protected] ptype2=SubStr pattern2=bar desc2=S'all cool action2=none window=2 This works fine for the most part, but sometimes I'll get a sequence like this: foo foo foo bar bar bar In this case, I still get a notification, but I don't want one. I only want one if there's a foo without a corresponding bar (so if I got 3 foos and 2 bars, I *would* want a mail). I've tried various settings but I can't seem to get it to behave like I want. Can anybody point me in the right direction? ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
