
We need to separate and aggregate events per IP address during a period of time, such that a single email is sent containing multiple messages where the same IP is present. Is this something that can be done with pm_evcorr?

I have tried and am not yet able to get this functionality; if possible, pls provide a quick example.

Thanks.

Asked October 21, 2015 - 8:43pm

Answer (1)

I think the following approach should work better:

  • Use om_file with File '/path/to/logs/' + $IPAddress + '.log'
  • In a <Schedule> block do this:
    1. Create a script that moves /path/to/logs/*.log to /path/to/logs/queue and call it with xm_exec's exec()
    2. omfile->reopen();
    3. Create a script that emails the files under /path/to/logs/queue and then deletes them. Call the script with exec_async()
Answered October 22, 2015 - 1:07pm
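
The approach from the answer above, written out as an NXLog configuration. This is an added example, not part of the original answer: the input file, instance names, script paths, hourly schedule and IPv4 regex are all assumptions. The strict regex matters because $IPAddress becomes part of a file name, so only digits and dots should ever reach it.

```conf
# Added example; paths, names and the schedule are hypothetical.
<Extension exec>
    Module  xm_exec
</Extension>

<Input in>
    Module  im_file
    File    '/var/log/app/events.log'
    <Exec>
        # Only a strict IPv4 match is allowed into $IPAddress, since the
        # field is later concatenated into an output path.
        if $raw_event =~ /\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/
        {
            $IPAddress = $1;
        }
        else
        {
            drop();
        }
    </Exec>
</Input>

<Output omfile>
    Module  om_file
    # One file per source IP
    File    '/path/to/logs/' + $IPAddress + '.log'
    <Schedule>
        When    @hourly
        <Exec>
            # 1. Move /path/to/logs/*.log into /path/to/logs/queue (waits for completion)
            exec('/path/to/scripts/queue_logs.sh');
            # 2. Reopen so new events go to fresh per-IP files
            omfile->reopen();
            # 3. Mail each queued file, then delete it (runs in the background)
            exec_async('/path/to/scripts/mail_queue.sh');
        </Exec>
    </Schedule>
</Output>

<Route r>
    Path    in => omfile
</Route>
```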

Comments (1)

  • nxlogdesonim

    Interesting, I will give it a try.

    Thanks.

    October 26, 2015 - 8:16pm