https://bugzilla.balabit.com/show_bug.cgi?id=243 Summary: patterndb rule should allow action upon context timeout Product: syslog-ng Version: 3.3.x Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: bugzilla.balabit@faxm0dem.org Type of the Report: enhancement Estimated Hours: 0.0 Currently in an event correlation configuration, when a certain context times out, the whole rule is thrown away. It would be very useful to be able to trigger an action when a rule's context-timeout is reached. Of course the ability to add a timeout_action for every rule would further enhance the idea. Example: <ruleset name='dummy_ruleset' id='03eb0142-4b0c-4226-ac98-6bcb03e59e00'> <pattern>dummy_program</pattern> <rules> <rule provider="dummy_provider" id="0cc9a000-2a4e-41f2-b30b-09d67af68ddc" class='dummy_class' context-timeout="300" context-scope="program" context-id="dummy_context"> <patterns> <pattern>First message has @ANYSTRING:dummy_string@</pattern> </patterns> <timeout_actions> <action> <message> <values> <value name="MESSAGE">Timeout: Failed to correlate ${dummy_string}@1 with anything</value> </values> </message> </action> </timeout_actions> </rule> <rule provider="dummy_provider" id="6fbefe59-3448-4b29-8c4f-7d9c1ab65a4c" class='dummy_class' context-scope="program" context-id="dummy_context"> <patterns> <pattern>Second message has @ANYSTRING:dummy_string@</pattern> </patterns> <actions> <action> <message> <values> <value name="MESSAGE">Correlated ${dummy_string}@1 with ${dummy_string}@2</value> </values> </message> </action> </actions> </rule> </rules> </ruleset> -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.