type=Single
ptype=regexp
pattern=T(\d\d:\d\d:\d\d).*?(\S+)\s+nodewatch.*?: (.*)
desc=NodeWatch on $2 at $1
action=write /home/tocops/.tocpipe nodewatch $1 $3

##</code><code>##

[...]
{
  # Declare variables
  my $fifo;         # The pipe from which we'll read
  my $input;        # Text which SEC handed us
  my $clean;        # $input stripped of annoying characters
  my $text;         # $clean, stripped of the log name

  MAIN_LOOP:
  while (1) {

    # Open pipe
    ualarm(0);
    unless (open $fifo, '<', $pipe) {
      log_it("Cannot open $pipe: $!");
      sleep 5;
      next MAIN_LOOP;
    }

    # Give ourselves .01s to read input
    ualarm(10000);
    $input = <$fifo>;
    next MAIN_LOOP unless defined $input;
    chomp $input;

    # Process input
    alarm(0);
    next MAIN_LOOP unless $clean = strip_junk($input);
    next MAIN_LOOP unless $log   = find_log_name($clean);
    ($text) = ($clean) =~ /^\w+\s+(.*)/;
    write_line($text);
  }
}
[...]

##</code><code>##

2024-06-01T05:43:27.241457-07:00 rocky sec[123632]: Writing event 'nodewatch 05:43:26 flem [+3]' to file '/home/tocops/.tocpipe'
2024-06-01T05:43:27.241858-07:00 rocky sec[123632]: Writing event 'nodewatch 05:43:26 flem [up]' to file '/home/tocops/.tocpipe'

##</code><code>##

2024-06-01T05:43:26.119268-07:00 ubuntu sec[664336]: Writing event 'nodewatch 05:43:26 flem [+3]' to file '/home/tocops/.tocpipe'
2024-06-01T05:43:26.119887-07:00 ubuntu sec[664336]: Writing event 'nodewatch 05:43:26 flem [up]' to file '/home/tocops/.tocpipe'

##</code><code>##

Rocky 8.9:     perl-5.34.2
Ubuntu 22.04:  perl-5.34.0