Hi Risto,
I have a little doubt that i haven´t seen in the documentation.
I want to detect and keep some data from the logs and then read the context
again and extract this data to process this info throught a perl function.
It´s a mail logging that creates various lines for one email.
One log line has the subject and mid(internal unique id number for email)
and other line has the sender email address with mid.
I´m using sec 2.6.2 + Strawberry perl. I can´t update sec library. :(
Input data:
________________________________________________________________________________
email:Mid 52364 Subject:'Hello World'
email:Mid 52365 Subject:'Hello World'
email:Mid 52366 Subject:'Hello World'
email:Mid 52366 sender:'s...@sec.com'
email:Mid 52365 sender:'ja...@seco.com'
email:Mid 52364 sender:'pe...@sec.com'
SEC + Perl Code:
rem=detect mid y subject
type=Single
ptype=Regexp
pattern=email:Mid\s(\d+)\sSubject\:\'([^\']*)\'
varmap=SubjectMID;log=0;mid=1;subject=2
continue=TakeNext
desc=parser mid y subject
action=none
rem=create context and store first mid-count 2 and 3
type=EventGroup1
ptype=Cached
pattern=SubjectMID
context=SM_$+{subject}
thresh=2
window=60
count=add SM_$+{subject} $+{mid}
desc=create context by subject_$+{subject}
end=delete SM_$+{subject}
action = eval %o ( \
$i=0;\
my(@arraymids)=();\
####################################\
#Here i want to read again the context and extract the values. Add to the
array for processing.\
@midcont=("52366","52365","52364");\
###################################
@files = <C:\\files\\m*.log>;\
print "@files";\
if(@files){\
foreach $file (@files) {\
open (FILE, "$file");\
while($line= <FILE> ){\
my ($mid, $email)= $line=~ m/email:Mid\s(\d+)\ssender\:\'([^\']*)\'/gi;\
print "\n====>Vuelta\n";\
foreach my $lmid (@midcont) {\
print "\nMid fichero===>$mid\tlmid===>$lmid\n" if defined($mid);\
if ($mid == $lmid){\
my ($username, $domain) = $email =~ /(.*)@(.*)/;\
print "\nDOMAIN FINDED===>$domain\n";\
unshift(@arraymids, $domain);\
}\
}\
}\
}\
if($arraymids[0] eq $arraymids[1] && $arraymids[0] eq $arraymids[2]){\
print "\n=======>SAME DOMAIN\n";\
}else{\
print "\n=======>Different DOMAIN\n";\
}\
}else{\
print "========>NO FILES TO SEARCH";\
}\
);reset 0;
rem=create context and store first mid-count 1
type=Single
ptype=Cached
pattern=SubjectMID
context=!SM_$+{subject}
continue=TakeNext
desc=create context by subject_$+{subject}
action=create SM_$+{subject} 60; add SM_$+{subject} $+{mid}
Thank you for your help Risto. Regards.
------------------------------------------------------------------------------
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
