hi Jaren,
if you want to have variables which are set during run time and which have
the global scope across all rule files, you can harness sec action list
variables for this purpose. For example, suppose you have the following two
rule files test-a.rules and test-b.rules:
# test-a.rules
#
type=Single
ptype=RegExp
pattern=test1: (\S+)
desc=set action list variable mytest
action=assign %mytest $1
# test-b.rules
#
type=Single
ptype=SubStr
pattern=test2
desc=echo action list variable mytest
action=write - %mytest
Also, suppose sec is started with the command line:
sec --conf=test-*.rules --input=-
and gets all its input events from standard input.
If a line "test1: myvalue" is typed in, this event will set action list
variable %mytest to "myvalue", while typing in "test2" will print the
current value of %mytest.
I am not sure if action list variables help you to accomplish the thing you
want to do, but hopefully the above simplistic example helps to clarify how
they could be harnessed.
However, action list variables can be set and accessed only during runtime.
If you are looking for macros that would be evaluated during rule file
parsing phase, there is currently no support for this in sec itself, but
you have to rely on external packages (like m4).
kind regards,
risto
2016-04-11 12:37 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
> I add is it possible to create global variables to all sec files?
>
>
> Thank you. Regards.
>
> 2016-04-11 11:35 GMT+02:00 Jaren Peich <burkol...@gmail.com>:
>
>> Hi,
>>
>> I have to read some files from specific text files in some sec alert
>> files and i want to create a library which load this files in a perl hash
>> table or an array. Also i want to create in this library methods to read or
>> search strings from the files loaded or create a tag to point the content
>> of the files to be used in all of sec files. Is it possible to do this? I´m
>> quite lost.
>>
>>
>> Thanks for your help. Regards.
>>
>>
>>
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
