Hello:
In message <562045df.3050...@jlbond.com>,
Bond Masuda writes:
>I want to create a rule that simply tells me that I'm getting messages
>from a particular log file. I'm maintaining this state information in a
>context and reset the TTL of the context when I get a message. I'm also
>using -intcontexts to distinguish that I'm getting the message from that
>log file. My rule is like this:
>
>type=Single
>continue=TakeNext
>context=[_FILE_EVENT_/var/log/test_log && TEST_ALIVE]
>desc=reset TEST_ALIVE context ttl to 120
>action= set TEST_ALIVE 120
>
>Basically, I just want to reset the context TTL, and move on to the
>other rules. However, I'm getting these types of error messages:
>
>Keyword 'pattern' missing (needed for SINGLE rule)
>Keyword 'ptype' missing (needed for SINGLE rule)
>
>I suppose I can just put a simple pattern like:
>
>ptype=regexp
>pattern=^.
If you assume there is at least one character in the line, use "^."
otherwise you use .* (which allows 0 characters) as the pattern.
>But that would be an extra operation and I wonder if there is a more
>efficient way?
Does:
ptype = tvalue
pattern = TRUE
work?
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
------------------------------------------------------------------------------
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
