2014-08-22 18:41 GMT+03:00 Yuheng Du <[email protected]>:
> Can I know the difference between using spawn and using a SingleWithScript rule?
>
SingleWithScript allows for conditional execution of an action list, based
on the exit code from an external program. When this external program is
executed, the names of all currently existing contexts are written to its
standard input.
The 'spawn' action runs an external program, and every line that this
program writes to its standard output will be captured by sec and turned
into a sec input event.
hth,
risto
>
>
> On Fri, Aug 22, 2014 at 3:38 AM, Risto Vaarandi <[email protected]>
> wrote:
>
>> 2014-08-22 8:26 GMT+03:00 Yuheng Du <[email protected]>:
>>
>>> Hi Guys, I have a Perl program that uses Search::Elasticsearch to do a
>>> query based on input variables.
>>>
>>> The two input variables are given in a Single rule. When I use the 'spawn'
>>> action to execute this script:
>>>
>>> #check if stats requirements are met, 1 sigma is used.
>>> type=Single
>>> ptype=RegExp
>>> pattern=\"reading(\d+)\"\s+=>\s+([-+]?\d*\.?\d+)
>>> desc=CAPTURE_READING_$1
>>> action=write - reading$1 of %id $2;\
>>> spawn /usr/bin/perl /home/yuheng/Downloads/SEC/sec-2.7.5/calMean.pl "%id" "$2"
>>>
>>> it gives me an error:
>>>
>>> [NoNodes] ** No nodes are available: [localhost:9200], called from sub
>>> Search::Elasticsearch::Transport::__ANON__ at
>>> /usr/local/share/perl/5.14.2/Try/Tiny.pm
>>> line 81.Child 3215 terminated with non-zero exitcode 255 ( /usr/bin/perl
>>> /home/yuheng/Downloads/SEC/sec-2.7.5/calMean.pl "aiken_7" "0.0" )
>>>
>>>
>>> But if I do a SingleWithScript like this:
>>> #check if stats requirements are met, 1 sigma is used.
>>> type=SingleWithScript
>>> ptype=RegExp
>>> pattern=\"reading(\d+)\"\s+=>\s+([-+]?\d*\.?\d+)
>>> desc=CAPTURE_READING_$1
>>> script=/usr/bin/perl /home/yuheng/Downloads/SEC/sec-2.7.5/calMean.pl "%id" "$2"
>>> action=write - reading$1 of %id $2;\
>>>
>>> It compiles, but the second argument "%id", which is an action variable
>>> from another rule, could not be passed to the Perl script correctly.
>>>
>>
>> The action list variables can be used only in action lists (rule fields
>> which have the 'action', 'action2', etc. keywords). Due to the design of
>> action lists, action list variables have to be substituted right before the
>> action list gets executed, but this often happens way after the rule
>> matching. Using action list variables in all rule fields would thus involve
>> two substitution rounds which would make the design and clarity of the
>> rules more complex. (For example, the timestamp variable %t could hold both
>> the time of rule matching and action list execution.) For the sake of
>> simplicity, action list variables are only visible in action lists and
>> their substitution takes place at the list execution.
>> kind regards,
>> risto
>>
>>
>>>
>>> Can anyone help?
>>>
>>> Thanks,
>>>
>>> Yuheng
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Slashdot TV.
>>> Video for Nerds. Stuff that matters.
>>> http://tv.slashdot.org/
>>> _______________________________________________
>>> Simple-evcorr-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>>
>>>
>>
>
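An added example, not part of the thread or of SEC: a helper for the 'script' field of a SingleWithScript rule that recovers the id from the context names SEC writes to its standard input (since %id is not substituted there) and returns the exit code that decides whether the action list runs. The ID_<id> context naming, the one-name-per-line input format, the numeric limit and all function names are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Helper for a SEC SingleWithScript rule (added example, hypothetical names).

Assumed wiring: the rule that learns the id also runs 'create ID_<id>' in its
action list, and the SingleWithScript rule calls this program with the matched
reading ($2) as its only argument. Context names arrive on stdin (assumed:
one per line). Exit code 0 means "run the action list".
"""
import re
import sys

# Hypothetical naming scheme; the strict character set keeps text taken from
# log lines from reaching a later query or command line unchecked.
ID_CONTEXT = re.compile(r"ID_([A-Za-z0-9_]{1,64})")
READING = re.compile(r"[-+]?\d*\.?\d+")  # same shape as the rule's $2 group


def find_id(context_names):
    """Return the id carried by the single ID_* context, or None."""
    ids = [m.group(1) for m in map(ID_CONTEXT.fullmatch, context_names) if m]
    return ids[0] if len(ids) == 1 else None  # refuse missing or ambiguous ids


def evaluate(context_names, reading, limit=1.0):
    """Return (exit_code, message); 'limit' is a placeholder threshold."""
    node_id = find_id(name.strip() for name in context_names)
    if node_id is None:
        return 2, "no unambiguous ID_* context"
    if not READING.fullmatch(reading):
        return 2, "reading is not numeric"
    value = float(reading)
    if abs(value) <= limit:
        return 0, f"{node_id} reading {value} within limit"
    return 1, f"{node_id} reading {value} outside limit"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(2)
    code, message = evaluate(sys.stdin, sys.argv[1])
    print(message, file=sys.stderr)  # diagnostics only
    sys.exit(code)
```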