I run sec with root 9041 0.4 0.0 8376 2440 ? S Apr05 7:26 /usr/bin/perl -w /usr/bin/sec -conf=/etc/sec.conf -input=/var/log/xpl.log -input=/var/log/syslog -input=/var/log/bind/named.log -input=/var/log/zoneminder.log -input=/var/local/src/misterhouse/data/logs/print.log -pid=/var/run/sec.pid -detach -log=/var/log/sec.log
I have other SingleWithSuppress rules that seem fine. But this one triggers for each event, and I can't figure out why. The rule: type=SingleWithSuppress ptype=RegExp pattern=DoorLockChg: Front Door UNKNOWN STATE window=3600 desc=$0 action=pipe '%t: $0' /usr/bin/mail -s "sec: %s" email I tried in debug mode from the command line and the mail only gets sent once. gargamel:~# sec -input=- -debug=5 -conf=/etc/sec.conf SEC (Simple Event Correlator) 2.5.3 Reading configuration from /etc/sec.conf Stdin connected to terminal, SIGINT can't be used for changing the logging level DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6 Feeding event 'Sun Apr 6 13:26:15 2014: DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6' to shell command '/usr/bin/mail -s "sec: DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6" email' DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6 And yet, if you see the malis below, I got 6 in a row a few seconds apart. I'm stumped. What am I missing? Thanks, Marc ----- Forwarded message from root <[email protected]> ----- Date: Sun, 06 Apr 2014 12:46:05 -0700 Subject: sec: 06/04/2014 12:46:02 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) Sun Apr 6 12:46:05 2014: 06/04/2014 12:46:02 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) ----- End forwarded message ----- ----- Forwarded message from root <[email protected]> ----- Date: Sun, 06 Apr 2014 12:46:07 -0700 Subject: sec: 06/04/2014 12:46:07 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) Sun Apr 6 12:46:07 2014: 06/04/2014 12:46:07 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) ----- End forwarded message ----- ----- Forwarded message from root <[email protected]> ----- Date: Sun, 06 Apr 2014 12:46:12 -0700 Subject: sec: 06/04/2014 12:46:12 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) Sun Apr 6 12:46:12 2014: 06/04/2014 12:46:12 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) ----- End forwarded message ----- ----- Forwarded message from root <[email protected]> ----- Date: Sun, 06 Apr 2014 12:46:17 -0700 Subject: sec: 06/04/2014 12:46:17 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) Sun Apr 6 12:46:17 2014: 06/04/2014 12:46:17 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) ----- End forwarded message ----- ----- Forwarded message from root <[email protected]> ----- Date: Sun, 06 Apr 2014 12:46:22 -0700 Subject: sec: 06/04/2014 12:46:22 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) Sun Apr 6 12:46:22 2014: 06/04/2014 12:46:22 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) ----- End forwarded message ----- ----- Forwarded message from root <[email protected]> ----- Date: Sun, 06 Apr 2014 12:46:27 -0700 Subject: sec: 06/04/2014 12:46:27 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) Sun Apr 6 12:46:27 2014: 06/04/2014 12:46:27 DoorLockChg: Front Door UNKNOWN STATE (UNDEF(cat: /etc/owfs/uncached/8_Channel_IO/sensed.6: No such file or directory)) ----- End forwarded message ----- -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | PGP 1024R/763BE901 ------------------------------------------------------------------------------ _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
