[Simple-evcorr-users] Setup and use of context and variables.

Tue, 09 Oct 2012 15:44:37 -0700 

Hi,
I've got a question  or two on CONTEXT and PATTERNS.

I've written the following rule, and it appears to work fine... that is, with 
the hostname in $4 it returns a data-center and pod that the hostname resides 
in, and the 1st time it runs context is not set... so the rule works since I'm 
using "!" with CONTEXT.  All is good.

And then... since I'm creating the context in the action statement, the 
rule-action doesn't run again, since the CONTEXT matches and I'm looking for 
"!CONTEXT".

Question #1:
==========
If I enclose context in [] so that it looks at context 1st before the 
pattern-match, can this even work since $4 defines a value out of the pattern 
match (i.e. the node name)?   That is... context=[!POD_TABLE_MATCH::$4], or is 
this use of context really reserved for "just strings" without variables?

Question #2:
==========
Once I create a context-string, is there a way to do pattern-matching on the 
context name?

What I'd like to do is have the CONTEXT name equal something 
like"nodexyz::DC1::POD1", and then to a pattern match to see if the node name 
equals "nodexyz" is contained in that CONTEXT name.

Question #3:
==========
In the example below... is %dc_pod visible to all rules?  AND I assume that 
once another event comes in that matches the rule that the value gets changed 
to the new node::dc::pod.  True?

Thanks.  I hope I explained my problem !!!  SEC is fun to use !!!

Gary Boyles


type=Single
continue=TakeNext
ptype=RegExp
pattern=(\d+)\s+::\s+(PLT|INF).*\s+::\s+(\S+)\s+::\s+(\S+)\s+::\s+(CRITICAL)\s+::\s+(\S.*)
context=!POD_TABLE_MATCH::$4
desc=POD_TABLE_MATCH::$4
action=lcall %dc_pod $4 -> ( sub {                      \
        if ( exists ($pod{$_[0]}))                      \
          { return "$_[0]::$pod{$_[0]}"; }              \
        else                                            \
          { return "0"; }                               \
        } );create POD_TABLE_MATCH::$4 30;write /sec/log/sec.main.log 
POD_TABLE_MATCH::%dc_pod

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to