2016-12-29 0:30 GMT+02:00 Martin Etcheverry <mar...@etcheverri.com>:
> Hi Risto , thank you for your time.
> Yes i already tried that; also i see something strange , the instance of
> sec still running ..even when the time is up.
>
> root 7807 3312 0 17:09 ? 00:00:01 /usr/bin/perl -w
> /usr/local/bin/sec --conf=/etc/sec/sec.conf --notail --input=-
> --log=/var/log/sec.log --debug=6
>
> any idea?
>
what does "time is up" mean? Does it mean that rsyslog has closed the pipe
to sec? In that case, there should be a relevant message in sec debug log:
"No writers on input pipe -, closing the pipe". Also, have you tried
sending the USR1 signal to the sec process? There is a section in this file
which describes the state of inputs. Is standard input reported as open?
kind regards,
risto
>
> Thanks
> Martín
>
>
> 2016-12-28 18:46 GMT-03:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>
>> hi Martin,
>> it could be that sec is not able to find the 'mail' program, since the
>> directory where 'mail' resides is not in the search path.
>> What happens if you try absolute path, e.g., /usr/bin/mail -s '%s'
>> somem...@somedomain.com?
>> kind regards,
>> risto
>>
>> hi i configured a rule on sec , that is feeded by rsyslog , everything
>> is fine but i am stuck in the dumbest way - the mail sending-
>>
>>>
>>> here is my rule:
>>>
>>> type=PairWithWindow
>>> ptype=RegExp
>>> pattern=([^\ ]*\ ){2}((\S+):)\W\3\Wnew\W\w+\W+\ \w+
>>> desc=No cancellation event for $3 after 10 minutes
>>> action=pipe '%s' mail -s '%s' somem...@somedomain.com
>>> ptype2=RegExp
>>> pattern2=([^\ ]*\ ){2}((\S+):)\W\3\Wcancelled\W\w+\W+\ \w+
>>> desc2=event for $3 was cancelled
>>> action2=logonly
>>> window=600
>>>
>>> everything work fine , even sec reports that send the mail, here is the
>>> sec log :
>>>
>>> Wed Dec 28 14:14:40 2016: Feeding event 'No cancellation event for
>>> SOMESERVER after 10 minutes' to shell command 'mail -s 'No cancellation
>>> event for SOMESERVER after 10 minutes' somem...@someserver.com'
>>> Wed Dec 28 14:14:40 2016: Child 5513 created for command 'mail -s 'No
>>> cancellation event for SOMESERVER after 10 minutes'
>>> somem...@someserver.com'
>>>
>>> from command line i run the mail command and sends , i don´t know what i
>>> am doing wrong, any hint is welcome!
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> ::: (\(\
>>> *: (=' :') :*
>>> ... (,('')('')....
>>> mar...@etcheverri.com
>>> Consultoria de sistemas
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Simple-evcorr-users mailing list
>>> Simple-evcorr-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>>
>>>
>>
>
>
> --
>
> ::: (\(\
> *: (=' :') :*
> ... (,('')('')....
> mar...@etcheverri.com
> Consultoria de sistemas
>
>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
