Hello Mark: In message <ca+faja_a7t5srbf_-u-sb0oaohvpgrb7m-5vxr5mrpqvoho...@mail.gmail.com> , Mark Keisler writes: >Is there a way to set variables that can be used across all rules in an SEC >config? For instance, I am using actions mainly to pipe into sending >email. It would be nice to define $MAILTO and $HOSTNAME so that the pipe >command doesn't have to run `uname -n` every time and have the email >addresses typed out.
All action list variables are global. So just set up a rule That runs when SEC starts or reloads to define your variables. Something like: type = single ptype=regexp pattern=^SEC_.* desc = set variable for later use action = assign %EMAIL_NOTIFY [email protected]; \ assign %SECURITY_NOTIFY [email protected]; \ eval %HOSTNAME (use Sys::Hostname; return hostname();); then they can be used in actions: action = pipe '$0' /bin/mailx -s "a security issue" %{SECURITY_NOTIFY} See the sec man page for details on eval assign nd action list variables. Also start your sec using -intevents (IIRC) to get the SEC* events on start, reload etc. -- -- rouilj John Rouillard =========================================================================== My employers don't acknowledge my existence much less my opinions. ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
