Hello SEC Users,
Base on SEC documentation *Suppress* rules doesn’t support “continue” field like other rules. My understanding is that if suppress rule match event the search for matching rules ends in the *current* configuration file. Let’s consider this simple example with two config files: Config file: 01.sec type=Suppress ptype=RegExp pattern=foo desc=$0 Config file: 02.sec type=Single ptype=RegExp pattern=foo continue=EndMatch desc=$0 action=write - foo matched If you launch sec: sec -conf=./*.sec -input=- And put “foo” in the input: * In first configuration file suppression rule match "foo" and switch to next configuration file. * In second configuration file Single rule match "foo" and action is taken. I think it can be beneficial if "Suppress" rule will support *continue* filed so I can tell that I don't want to continue to find match in *all* next configuration files. I know that I can achieve this by replacing "Suppress" rule in 01.sec configuration file by "Single" rule and do not take any action and define continue=EndMatch. Thanks, Dusan
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
