Re: [Simple-evcorr-users] SEC key for correlation

Thu, 31 Oct 2013 23:49:50 -0700 

hi,

if you would like to know what event correlation operations are currently
active and what keys the have, send the SIGUSR1 signal to the sec process.
This will create a dump file (by default /tmp/sec.dump) which contains a
lot of information about sec internals. Among other info, the list of
active event correlation operations is printed, and each operation is
printed with its key.

Also, since Pair* operations have dynamic patterns (defined with pattern2
field), you can see how the pattern has been set up for each operation.

One thing to note is that once the dump file has been created, sec does not
overwrite it for security reasons, but you have to remove the old file
before creating the new with SIGUSR1.

kind regards,
risto



2013/10/31 Rolf Nufable <[email protected]>

> I'm new to SEC and I've been trying to correlate logs, and I've made a
> simple correlation using pairing method and writing it to a specific text
> file, now my problem is how could I find the key that sec makes when it
> correlates? As said in the SEC page it creates a key when it correlates to
> identify the correlated events
>
> please help me
>
>
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Simple-evcorr-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to