hi Savakh, I would recommend few small modifications to the rule. Firstly, the regular expression given with the 'pattern' field does not need to be enclosed in double quotes -- if you use them, they are treated as a part of the regular expression itself. The same goes for the filename given in the 'action' field -- any preceding or following double quote will be treated as the part of the filename, which is probably not what you want. After modifying the rule accordingly
type=Single ptype=RegExp pattern=test desc=detect test action=write /var/log/test.log it will match any line that gets written to /var/log/my_log.log and contains the string test and will write the string detect test to the file /var/log/test.log. kind regards, risto 2016-08-04 16:38 GMT+03:00 Savakh S <[email protected]>: > Hello all, > > When I run SEC nothing seems happening : > > # sec --conf=my_file.conf --input=/var/log/my_log.log > Reading configuration from my_file.conf > 1 rules loaded from my_file.conf > Opening input file /var/log/my_log.log > Interactive process, SIGINT can't be used for changing the logging level > > > The content of my_file.conf : > type=Single > ptype=RegExp > pattern= "test" > desc=detect test > action=write "/var/log/test.log" > > Anybody can help me ? > > Thanks a lot. > > > ------------------------------------------------------------ > ------------------ > > _______________________________________________ > Simple-evcorr-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users > >
------------------------------------------------------------------------------
_______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
