Hey. Who uses logsurfer to do complex actions? There's a distinct lack of useful config samples on the web about this cool program. My hope is that someone on this list knows better than I how to make this thing work well.

What I'm trying to do is create a dynamic context with a timeout value that will execute an action if a specific message is *NOT* received in a certain time period. As a trivial example, let's say I see a message like the following:

    Dec 12 00:00:00 loghost newsyslog[29434]: logfile turned over

I would like to be able to open a context on ".*" that waits for any other message to arrive in the logfile, and if a message DOES arrive, I would like to delete the context and do nothing. But if no message arrives in the timeout period, I would like to send a panic message "Hey, logging is broken!" or somesuch.

Or, to put this problem in another light, let's say I get a message that says that a user has logged in to a system, and I expect them to log out within, oh, 8 hours. I would like to generate an alert if no corresponding Logout message appears.

The problem is, logsurfer doesn't seem to have a clear way to express an if-then-else case, and I'm being too stupid to see how to express this with "rule before" and "continue" clauses; but I'm thinking that's about all that will be able to do this.

Hints? Anyone?

Thanks in advance...

-- 
.emf.
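The alert-on-absence logic asked about above, replayed over log lines in Python as an added example; it is not part of the original post and is not logsurfer configuration. The function names, the sshd message wording, the 5-minute rotation timeout and the year 2001 are assumptions, and every sample line except the newsyslog one is constructed.

```python
import re
from datetime import datetime, timedelta

def parse_ts(line, year=2001):
    # Classic syslog timestamps carry no year; the year here is an assumption.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def key_of(match):
    # Contexts are keyed by the first capture group, or "" if there is none.
    return match.group(1) if match.re.groups else ""

def missing_followups(lines, open_re, close_re, timeout, now):
    """Return (key, opened_at) for each context that timed out unanswered."""
    open_ctx, alerts = {}, []

    def expire(t):
        # The "else" branch: nothing closed the context within the timeout.
        for key, start in list(open_ctx.items()):
            if t - start >= timeout:
                alerts.append((key, start))
                del open_ctx[key]

    for line in lines:
        ts = parse_ts(line)
        expire(ts)                     # a timer fires before a late line counts
        m = close_re.search(line)
        if m:                          # the "then" branch: delete silently
            open_ctx.pop(key_of(m), None)
        m = open_re.search(line)
        if m:
            open_ctx[key_of(m)] = ts
    expire(now)                        # contexts still open at evaluation time
    return alerts

# Constructed sample: the first line is quoted in the post, the rest are invented.
SAMPLE = [
    "Dec 12 00:00:00 loghost newsyslog[29434]: logfile turned over",
    "Dec 12 00:01:10 loghost sshd[411]: session opened for user alice",
    "Dec 12 00:02:00 loghost sshd[412]: session opened for user bob",
    "Dec 12 03:30:00 loghost sshd[412]: session closed for user bob",
]
NOW = datetime(2001, 12, 12, 9, 0, 0)

def unclosed_logins(lines=SAMPLE, now=NOW):
    return missing_followups(lines, re.compile(r"session opened for user (\w+)"),
                             re.compile(r"session closed for user (\w+)"),
                             timedelta(hours=8), now)

def silent_after_rotation(lines, now):
    return missing_followups(lines, re.compile(r"logfile turned over"),
                             re.compile(r".*"), timedelta(minutes=5), now)
```

The close pattern is tested before the open pattern, so with ".*" as the close pattern the rotation line itself does not cancel the context it opens.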
This archive was generated by hypermail 2b30 : Sat Dec 15 2001 - 03:12:15 PST