I'm trying to use SEC now, instead of SWATCH. Any progress on getting
things up on your website?
If I manually run against a log file, it works great, but I'm trying to
integrate it into syslog-ng.
I saw a post where you showed the following:
#######################################
destination d_sec {
    program("/usr/local/sbin/sec.pl -input=\"-\" -conf=/usr/local/etc/sec.conf >/var/log/sec.err 2>&1");
};
# send all logs to sec
log {
    source(src);
    filter(f_not_brightmail);
    destination(d_sec);
};
#######################################
I made up my own filter to include all facilities so as to watch for
everything. But I'm not getting it to work; it never reports back. If
I do a "ps -ef", I can see that syslog-ng did start up the SEC
process... but no luck.
Any help would be appreciated.
Thanks,
Chris