Hi Risto,
Thank you very much. Works like a charm.
Best regards
Pawel
2016-04-25 14:59 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
> hi Paweł,
>
> you are seeing this behavior because the 'report' action feeds data to the
> standard input of the given command. In your case, this command is
> /bin/echo. However, /bin/echo does not read anything from standard input,
> but merely prints the string that is given in its command line. In order to
> fix the problem, you can replace /bin/echo with /bin/cat which prints
> anything seen in standard input to standard output.
>
> If the 'report' action gets triggered very often (say, hundreds of times
> per second), you might also consider using the 'write' action instead. For
> example:
>
> copy $1_$2_$3_$4 %buffer; write /var/log/test.log %buffer
>
> In that way, you are avoiding the forking of a new process.
>
> kind regards,
> risto
>
> 2016-04-25 15:41 GMT+03:00 Paweł Sułek <pawel.sul...@gmail.com>:
>
>> Hi,
>>
>> I'm new to SEC, but working hard to get better. Currently I faced a
>> problem I can't handle. I want to store some data in context and report
>> them to file other than sec log. To do that, I write context payload to
>> echo input. But it doesn't to work correctly. It only adds new blank line
>> to file. I created simple rule to show the problem. What I am doing wrong?
>> Why are data stored in context not written to file?
>>
>> Thanks
>>
>> Pawel
>>
>> type=Single
>> ptype=RegExp
>> pattern=(\S+)_(\S+)_(\S+)_(\S+)
>> desc=$0
>> action=create $1_$2_$3_$4; add $1_$2_$3_$4 $0; report $1_$2_$3_$4
>> /bin/echo>>/var/log/test.log
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>
>>
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
