Hi all,
I am trying to customize our SEC installation to alert and suppress
messages in our syslog. For example, I have the following log line from
syslog:
Feb 10 21:16:52 core1.lax1.as11799.net %RPM0-P: CP %SEC-5-TACACS_ACCESS_ACCEPTED: Tacacs access accepted for user "rancid"
I am trying to suppress it with the following configuration rule:
type=suppress
ptype=substr
pattern=%SEC-5-TACACS_ACCESS_ACCEPTED:
desc=tacacs login
However, this rule (which is at the end) is still triggered:
type=singleWithSuppress
ptype=regexp
pattern=(%.*?:)
desc=$1
action=pipe '$0' mail -s 'Syslog Unknown Event' sec-alert; pipe '$0' /root/bin/notify-hipchat.py
window=86400
What should I do differently?
Thanks,
Max
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
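
A way to check how the two rules above interact on the sample line, as an added example that is not part of the original post and not SEC's own code: a small Python model of SEC's documented evaluation order (rules in one file are tried top to bottom, a Suppress match ends processing of the line only in that file, and every other rule file still sees the line). The file names `main.sec`, `suppress.sec` and `zz-unknown.sec` are hypothetical, and the model ignores contexts, `continue=` and all other rule types.

```python
import re

# Sample line from the post, unwrapped into one string.
LINE = ('Feb 10 21:16:52 core1.lax1.as11799.net %RPM0-P: CP '
        '%SEC-5-TACACS_ACCESS_ACCEPTED: Tacacs access accepted for user "rancid"')

# The two rules from the post, reduced to the fields this model needs.
SUPPRESS = {"type": "suppress", "ptype": "substr",
            "pattern": "%SEC-5-TACACS_ACCESS_ACCEPTED:"}
CATCH_ALL = {"type": "singlewithsuppress", "ptype": "regexp",
             "pattern": r"(%.*?:)", "desc": "$1", "window": 86400}


def match(rule, line):
    """Return a tuple of captured groups on match, else None."""
    if rule["ptype"] == "substr":
        return () if rule["pattern"] in line else None
    m = re.search(rule["pattern"], line)
    return m.groups() if m else None


def process(rule_files, line, now=0, state=None):
    """Model: each file sees every line; rules in a file run top to bottom
    and the first matching rule ends processing of the line in that file."""
    state = {} if state is None else state   # (file, desc) -> end of window
    fired = []
    for fname, rules in rule_files.items():
        for rule in rules:
            groups = match(rule, line)
            if groups is None:
                continue
            if rule["type"] == "singlewithsuppress":
                desc = rule["desc"].replace("$1", groups[0])
                if state.get((fname, desc), -1) <= now:   # no open window
                    state[(fname, desc)] = now + rule["window"]
                    fired.append((fname, desc))
            break   # a match (Suppress included) stops this file only
    return fired


# Hypothetical layouts: both rules in one file vs. one rule per file.
same_file = {"main.sec": [SUPPRESS, CATCH_ALL]}
split_files = {"suppress.sec": [SUPPRESS], "zz-unknown.sec": [CATCH_ALL]}

if __name__ == "__main__":
    print("same file  :", process(same_file, LINE))
    print("split files:", process(split_files, LINE))
```

In the split layout the catch-all fires with `$1` set to `%RPM0-P:`, the first `%...:` token on the line, so the alert key is not the `%SEC-5-TACACS_ACCESS_ACCEPTED:` tag.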