Paul,
It depends how you're trying to use this line of input after matching on
it. RegExp or perlfunc usually works best for me, but there's a variety
of examples on the man page for SEC:
http://simple-evcorr.sourceforge.net/man.html#lbAG
The simplest (below) assuming you wanted to capture the value in ms (44)
as a substitution variable for use later in the rule. If not, drop the (
) around (\d+)
ptype=RegExp
pattern=\[org.apache.catalina.startup.Catalina\] Server startup in (\d+)
ms
There's many different avenues for accomplishing pattern matching in SEC
depending on your desired results. Most revolve around perl regular
expression matching, so brushing up on that is likely going to be your
best resource - aside from the SEC mailing list. :)
Thanks,
Aaron Erickson
[email protected]
Zoot Enterprises, Inc. www.zootweb.com
555 Zoot Enterprises Lane, Bozeman, MT 59718
406.556.7529 fax: 406.587.8414
This email, including any attachments, is confidential and may not be
redistributed without permission. If you are not an intended recipient,
you have received this message in error. Please notify us immediately by
replying to this message, and then deleting it from your computer. Thank
you.
From:
<[email protected]>
To:
<[email protected]>,
Date:
06/24/2013 10:28 AM
Subject:
[Simple-evcorr-users] Pattern Match question
Is there a good resource to demonstrate how to match more complex
patterns? I need to match this pattern and I?m stumped.
[org.apache.catalina.startup.Catalina] Server startup in 44 ms
Any help is greatly appreciated.
Paul Fontenot
Enterprise Key Management & Public Key Infrastructure | EIST&O | ETS | TOG
| Wells Fargo
2600 S. Price Rd. 2nd Floor | Chandler, AZ 85286
MAC S3939-022
Cell (480) 650-0301
[email protected]
This message may contain confidential and/or privileged information. If
you are not the addressee or authorized to receive this for the addressee,
you must not use, copy, disclose, or take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation.[attachment "smime.p7s" deleted by
Aaron Erickson/Zoot]
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
