Ahhh I see. Thank you for your help!! This gives me much more to work with!
> On Oct 4, 2016, at 1:04 PM, Risto Vaarandi <risto.vaara...@gmail.com> wrote: > > hi, > the SECRC environment variable can only point to one file, and you > need to set this variable differently for each instance. For example: > > env SECRC=/etc/sec/secrc1 /usr/bin/sec --pid=/run/sec1.pid > --log=/var/log/sec1.log > env SECRC=/etc/sec/secrc2 /usr/bin/sec --pid=/run/sec2.pid > --log=/var/log/sec2.log > > In other words, the resource file is not designed as a mechanism for > starting multiple instances, but it rather provides options for one > specific instance. > > If you are using a Linux distribution with systemd, I would recommend > to use the Environment directive in sec service files (if I am not > mistaken, %I specifier can be used with Environment directive which > allows for having just one service file for multiple sec instances, > and set instance name based value for SECRC). > If you have systemd, there is also a relevant example in sec rule > repository: https://github.com/simple-evcorr/rulesets/blob/master/systemd.md > > kind regards, > risto > > > 2016-10-04 22:30 GMT+03:00 Yahoo <rahni.wal...@yahoo.com>: >> Hello Mr. Vaarandi, >> >> I though the SECRC variable only points to one location? We have this >> defined in /etc/sysconfig/sec: >> Export SECRC=/etc/sec/secrc >> >> Should I just be adding appending locations to the environment variable ie >> >> Export SECRC=$SECRC:/etc/sec/secrc:/etc/sec/secrc2 ...etc >> >> And if we did that, how would each instance of sec know which path to use >> for its resource file..? >> >> Thank you >> >> >>> On Oct 4, 2016, at 11:55 AM, Risto Vaarandi <risto.vaara...@gmail.com> >>> wrote: >>> >>> hi, >>> when a sec process reads its resource file, *all* options from the >>> resource file are appended to its command line options (comment lines >>> and whitespace lines are excluded from consideration). Therefore, when >>> you start several sec instances with the same resource file, each >>> instance has identical command line options (an excerpt from sec dump >>> file): >>> >>> Program information: >>> ============================================================ >>> Program version: SEC (Simple Event Correlator) 2.7.8 >>> Time of the start: Tue Oct 4 21:39:04 2016 >>> Time of the last configuration load: Tue Oct 4 21:39:04 2016 >>> Time of the dump: Tue Oct 4 21:39:39 2016 >>> Program resource file: /home/risto/secrc >>> Program options: -conf=/etc/sec/app1.sec -input=/var/log/app1.log >>> -conf=/etc/sec/app2.sec -input=/var/log/app2.log >>> -conf=/etc/sec/app3.sec -input=/var/log/app3.log >>> -conf=/etc/sec/app4.sec -input=/var/log/app4.log >>> -conf=/etc/sec/app5.sec -input=/var/log/app5.log >>> -conf=/etc/sec/app6.sec -input=/var/log/app6.log >>> >>> Environment: >>> ============================================================ >>> ... >>> SECRC=/home/risto/secrc >>> >>> >>> In order to address this problem, you need to set up a separate >>> resource file for each instance. >>> >>> Hope this helps, >>> risto >>> >>> >>> 2016-10-04 20:56 GMT+03:00 Yahoo <rahni.wal...@yahoo.com>: >>>> Hello, >>>> >>>> >>>> We have an issue where we are managing several monitors for several >>>> different log files; due to our setup, we need to utilize the resource file >>>> to be able to add the correct configurations i (we used to do this in >>>> /etc/sysconfig/sec with several sec_args[n]=<content> arguments, but we >>>> needed to use the resource file to automate our process) >>>> >>>> >>>> However, we are seeing a problem. >>>> >>>> We have pairs of inputs and config files listed in the resource file. For >>>> example: >>>> >>>> # App1 error monitoring >>>> >>>> -conf=/etc/sec/app1.sec >>>> -input=/var/log/app1.log >>>> >>>> # App2 error monitoring >>>> >>>> -conf=/etc/sec/app2.sec >>>> -input=/var/log/app2.log >>>> >>>> # App3 error monitoring >>>> >>>> -conf=/etc/sec/app3.sec >>>> -input=/var/log/app3.log >>>> >>>> # app4 error monitoring >>>> >>>> -conf=/etc/sec/app4.sec >>>> -input=/var/log/app4.log >>>> >>>> # app5 error monitoring >>>> >>>> -conf=/etc/sec/app5.sec >>>> -input=/var/log/app5.log >>>> >>>> # app6 error monitoring >>>> >>>> -conf=/etc/sec/app6.sec >>>> -input=/var/log/app6.log >>>> >>>> But when we start sec, we get some conf files using the wrong input, for >>>> instance, we get the -conf file for app1 utilizing the input for app2. >>>> >>>> How do we get around this? Is it something to do with the buffer >>>> options...? >>>> >>>> We just want each pair only to monitor the input file listed below it. >>>> >>>> >>>> Thank you >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >>>> _______________________________________________ >>>> Simple-evcorr-users mailing list >>>> Simple-evcorr-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users >> ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
